STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The web server must remove all export ciphers from the cipher suite.

DISA Rule

SV-75159r1_rule

Vulnerability Number

V-60707

Group Title

WG345

Rule Version

WG345 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Update the cipher specification string for all enabled SSLCipherSuite directives to include !EXPORT.

Check Contents

Locate the Apache httpd.conf and ssl.conf file if available.
Open the httpd.conf and ssl.conf file with an editor and search for the following uncommented directive: SSLCipherSuite
For all enabled SSLCipherSuite directives, ensure the cipher specification string contains the kill cipher from list option for all export cipher suites, i.e., !EXPORT, which may be abbreviated !EXP. If the SSLCipherSuite directive does not contain !EXPORT or there are no enabled SSLCipherSuite directives, this is a finding.

Vulnerability Number

V-60707

Documentable

False

Rule Version

WG345 A22

Severity Override Guidance

Locate the Apache httpd.conf and ssl.conf file if available.
Open the httpd.conf and ssl.conf file with an editor and search for the following uncommented directive: SSLCipherSuite
For all enabled SSLCipherSuite directives, ensure the cipher specification string contains the kill cipher from list option for all export cipher suites, i.e., !EXPORT, which may be abbreviated !EXP. If the SSLCipherSuite directive does not contain !EXPORT or there are no enabled SSLCipherSuite directives, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments