Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-221529 | OH12-1X-000321 | SV-221529r415268_rule | | Medium |
Description |
---|
Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled and non-FIPS-approved SSL versions must be disabled. NIST SP 800-52 defines the approved TLS versions for government applications. |
STIG | Date |
---|---|
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2021-12-29 |
Check Text ( C-23244r415266_chk ) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding. |
Fix Text (F-23233r415267_fix) |
---|
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. Set the "SSLFIPS" directive to "On"; add the directive if it does not exist. |
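
The check above can be scripted. The following Python sketch is an added example, not part of the STIG or of Oracle's tooling. It takes the text of a configuration file (the page does not name the file, so the caller supplies the path) and reports a finding when "SSLFIPS" is missing, commented out, set only inside a container such as `<VirtualHost>`, or not "On". Treating `<IfModule>`/`<IfDefine>` wrappers as server scope and matching the value case-insensitively are assumptions, and the sample configurations are constructed.

```python
import re
import sys

# Assumption: these wrappers only make directives conditional and do not
# change scope, so SSLFIPS inside them still counts as server scope.
TRANSPARENT = {"ifmodule", "ifdefine"}

def check_sslfips(conf_text):
    """Return (finding, reason) for the SSLFIPS check on one file's text."""
    stack = []          # names of open <Section> blocks, innermost last
    server_values = []  # SSLFIPS values seen at server configuration scope
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented out counts as omitted
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        section = re.match(r"<\s*(\w+)", line)
        if section:
            stack.append(section.group(1).lower())
            continue
        m = re.match(r'SSLFIPS\s+"?(\w+)"?\s*$', line, re.IGNORECASE)
        if m and all(name in TRANSPARENT for name in stack):
            server_values.append(m.group(1))
    if not server_values:
        return True, "SSLFIPS not set at server configuration scope"
    # Assumption: the value is matched case-insensitively ("On", "on", "ON").
    bad = [v for v in server_values if v.lower() != "on"]
    if bad:
        return True, "SSLFIPS set to %r" % bad[0]
    return False, "SSLFIPS is On"

# Constructed sample configurations, not taken from a real installation.
COMPLIANT = "<IfModule ossl_module>\nSSLFIPS On\n<VirtualHost *:4443>\n  SSLEngine on\n</VirtualHost>\n</IfModule>\n"
WRONG_SCOPE = "<VirtualHost *:4443>\n  SSLEngine on\n  SSLFIPS On\n</VirtualHost>\n"
COMMENTED_OUT = "#SSLFIPS On\n"
SET_OFF = "SSLFIPS Off\n"

if __name__ == "__main__":
    # Usage: python check_sslfips.py <config file under the OHS component dir>
    with open(sys.argv[1]) as fh:
        finding, reason = check_sslfips(fh.read())
    print(("FINDING: " if finding else "NOT A FINDING: ") + reason)
    sys.exit(1 if finding else 0)
```

The non-zero exit status on a finding lets the script gate a configuration pipeline or feed a compliance scan.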