The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-250347	IBMW-LS-001110	SV-250347r850906_rule		Medium

Description
Export grade encryption suites are not strong and do not meet DoD requirements. The encryption for the session becomes easy for the attacker to break. Do not use export grade encryption.

STIG	Date
IBM WebSphere Liberty Server Security Technical Implementation Guide	2022-09-09

Details

Check Text ( C-53782r795092_chk )
Review the ${server.config.dir}/server.xml file and check the "enabledCiphers" setting. If any of the ciphers specified in the enabledCiphers setting contains the word "EXPORT", this is a finding. keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthentication="true" sslProtocol="TLS" enabledCiphers="SSL_xxx_yyy_zzz"/>

Fix Text (F-53736r795093_fix)
Review the ${server.config.dir}/server.xml file and if needed, modify the "enabledCiphers" setting for each affected SSL configuration. keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthentication="true" sslProtocol="TLS" enabledCiphers="SSL_xxx_yyy_zzz"/> where xxx, yyy, and zzz do not contain "EXPORT".