Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
Services
Web Server
Secure Apache Configuration
Use Appropriate Modules to Improve httpd's Security
Deploy mod_ssl
Deploy mod_ssl
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Deploy mod_ssl
Because HTTP is a plain text protocol, all traffic is susceptible to passive monitoring. If there is a need for confidentiality, SSL should be configured and enabled to encrypt content.
Note:
mod_nss
is a FIPS 140-2 certified alternative to
mod_ssl
. The modules share a considerable amount of code and should be nearly identical in functionality. If FIPS 140-2 validation is required, then
mod_nss
should be used. If it provides some feature or its greater compatibility is required, then
mod_ssl
should be used.