STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-214269r612240_rule

Vulnerability Number

V-214269

Group Title

SRG-APP-000439-WSR-000188

Rule Version

AS24-U1-000900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Update the cipher specification string for all enabled SSLCipherSuite directives to include !EXPORT.

Check Contents

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" and "ssl.conf" files:

Open the httpd.conf and ssl.conf files with an editor and search for the following uncommented directive: SSLCipherSuite

For all enabled SSLCipherSuite directives, ensure the cipher specification string contains the "kill cipher from list" option for all export cipher suites, i.e., !EXPORT, which may be abbreviated !EXP as in the following example:

Example: SSLCipherSuite HIGH:MEDIUM:!MD5:!EXP:!NULL:!LOW:!ADH

If the SSLCipherSuite directive does not contain !EXPORT or !EXP or there are no enabled SSLCipherSuite directives, this is a finding.
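
One way to automate this check, as an added example that is not part of the STIG or of STIGQter: it takes the text of httpd.conf or ssl.conf and applies the finding rule above to every enabled SSLCipherSuite directive. The names `audit` and `logical_lines` and the sample configuration are constructed for illustration, and the sketch assumes the caller reads each file itself (Include directives are not followed).

```python
import re

# An enabled (uncommented) SSLCipherSuite directive; directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(.+?)\s*$", re.IGNORECASE)
KILL_EXPORT = {"!EXPORT", "!EXP"}

# Constructed sample, not taken from a real server.
SAMPLE = """\
# SSLCipherSuite ALL:!EXP
<VirtualHost *:443>
    SSLCipherSuite HIGH:MEDIUM:!MD5:!EXP:!NULL:!LOW:!ADH
</VirtualHost>
<VirtualHost *:8443>
    SSLCipherSuite HIGH:MEDIUM:!aNULL
</VirtualHost>
"""


def logical_lines(text):
    """Yield (first_line_number, line), merging backslash-continued lines."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None


def audit(config_text):
    """Return (is_finding, [(line, cipher_spec, has_kill_export), ...])."""
    details = []
    for num, line in logical_lines(config_text):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and other directives are ignored
        # The cipher spec is the last argument; Apache 2.4 allows an
        # optional protocol argument (e.g. "SSL") in front of it.
        spec = m.group(1).split()[-1].strip("\"'")
        ok = bool(set(re.split(r"[:,]", spec)) & KILL_EXPORT)
        details.append((num, spec, ok))
    # Finding: no enabled directive, or any directive lacking !EXPORT/!EXP.
    finding = not details or any(not ok for _, _, ok in details)
    return finding, details


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A string such as `!MD5!EXP` with the colon missing is treated as one token, so it does not count as containing !EXP and is reported as a finding.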

Documentable

False

Check Content Reference

M

Target Key

3996
