
The WebSphere Liberty Server must be configured to use HTTPS only.


Overview

Finding ID: V-250348
Version: IBMW-LS-001120
Rule ID: SV-250348r862997_rule
IA Controls: (none listed)
Severity: Medium
Description
Transmission of data can take place between the application server and a large number of devices/applications external to the application server. Examples are a web client used by a user, a backend database, a log server, or other application servers in an application server cluster.
STIG Date
IBM WebSphere Liberty Server Security Technical Implementation Guide 2022-09-09

Details

Check Text (C-53783r862995_chk)
Review the ${server.config.dir}/server.xml file and check the ssl-1.0 feature and httpEndpoint settings.

If the ssl-1.0 feature is not defined, this is a finding.

If the httpEndpoint settings do not include sslOptions, this is a finding.


<featureManager>
    <feature>servlet-3.0</feature>
    <feature>ssl-1.0</feature>
    <feature>appSecurity-2.0</feature>
</featureManager>


host="localhost"
httpPort="${bvt.prop.HTTP_default}"
httpsPort="${bvt.prop.HTTP_default.secure}" >


Fix Text (F-53737r862996_fix)
Modify the server.xml file. Enable the ssl-1.0 feature and configure the httpEndpoint settings. The keystores and truststores must also be configured.


<featureManager>
    <feature>servlet-3.0</feature>
    <feature>ssl-1.0</feature>
    <feature>appSecurity-2.0</feature>
</featureManager>


host="localhost"
httpPort="${bvt.prop.HTTP_default}"
httpsPort="${bvt.prop.HTTP_default.secure}" >




keyStoreRef="defaultKeyStore"
trustStoreRef="defaultKeyStore"
serverKeyAlias="default" />

keyStoreRef="defaultKeyStore"
trustStoreRef="alternateTrustStore"
serverKeyAlias="alternateCert"
enabledCiphers="AES256-SHA AES128-SHA" />


location="${server.config.dir}/resources/security/sslOptions.jks" />

location="${server.config.dir}/resources/security/trust.jks" />

location="${server.config.dir}/resources/security/optionsTrust.jks" />

location="${server.config.dir}/apps/basicauth.war" />
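
The two conditions from the Check Text, automated as an added example (not part of the STIG or of IBM's documentation). The sample server.xml contents, ids, ports and the sslRef value are constructed; treating a file with no httpEndpoint element as a finding, and accepting an sslOptionsRef attribute in place of a child sslOptions element, are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations (not taken from the STIG page).
COMPLIANT = """<server>
  <featureManager>
    <feature>servlet-3.0</feature>
    <feature>ssl-1.0</feature>
  </featureManager>
  <httpEndpoint id="defaultHttpEndpoint" host="localhost" httpPort="9080" httpsPort="9443">
    <sslOptions sslRef="exampleSSLConfig" />
  </httpEndpoint>
</server>"""

NO_SSL_OPTIONS = """<server>
  <featureManager><feature>servlet-3.0</feature></featureManager>
  <httpEndpoint id="defaultHttpEndpoint" host="localhost" httpPort="9080" httpsPort="9443" />
</server>"""


def check_https_only(server_xml):
    """Return the V-250348 findings for one server.xml; an empty list means no finding."""
    root = ET.fromstring(server_xml)
    findings = []

    # Condition 1: the ssl-1.0 feature must be defined under featureManager.
    features = {(f.text or "").strip() for f in root.findall("featureManager/feature")}
    if "ssl-1.0" not in features:
        findings.append("ssl-1.0 feature is not defined")

    # Condition 2: the httpEndpoint settings must include sslOptions.
    endpoints = root.findall("httpEndpoint")
    if not endpoints:
        # Assumption: no endpoint element means no sslOptions, so report it.
        findings.append("no httpEndpoint element is defined")
    for ep in endpoints:
        # Assumption: an sslOptionsRef attribute counts the same as a child element.
        if ep.find("sslOptions") is None and not ep.get("sslOptionsRef"):
            findings.append(f"httpEndpoint '{ep.get('id', '?')}' has no sslOptions")
    return findings


if __name__ == "__main__":
    for name, xml in (("compliant", COMPLIANT), ("no sslOptions", NO_SSL_OPTIONS)):
        print(name, "->", check_https_only(xml) or "no finding")
```

The function reads only the text it is given, so configuration pulled in through include elements has to be checked separately.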