Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-64559 | OH12-1X-000321 | SV-79049r1_rule | Medium |
Description |
---|
Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled and non-FIPS-approved SSL versions must be disabled. NIST SP 800-52 defines the approved TLS versions for government applications. |
STIG | Date |
---|---|
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2019-01-04 |
Check Text ( C-65301r1_chk ) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding. |
Fix Text (F-70489r1_fix) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. Set the "SSLFIPS" directive to "On", add the directive if it does not exist. |