STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.

DISA Rule

SV-230255r627750_rule

Vulnerability Number

V-230255

Group Title

SRG-OS-000250-GPOS-00093

Rule Version

RHEL-08-010294

Severity

CAT II

CCI(s)

• CCI-001453 - The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Weight

10

Fix Recommendation

Configure the RHEL 8 OpenSSL library to use only DoD-approved TLS encryption by editing the following line in the "/etc/crypto-policies/back-ends/opensslcnf.config" file:

MinProtocol = TLSv1.2

A reboot is required for the changes to take effect.

Check Contents

Verify the OpenSSL library is configured to use only DoD-approved TLS encryption:

$ sudo grep -i MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config

MinProtocol = TLSv1.2

If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.

Vulnerability Number

V-230255

Documentable

False

Rule Version

RHEL-08-010294

Severity Override Guidance

Verify the OpenSSL library is configured to use only DoD-approved TLS encryption:

$ sudo grep -i MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config

MinProtocol = TLSv1.2

If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.

Check Content Reference

M

Target Key

2921

Comments