Enable Transport Layer Security (TLS) Encryption
An XCCDF Rule
Description
Disable old SSL and TLS versions and enable the latest TLS encryption by setting the following in /etc/httpd/conf.modules.d/ssl.conf:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Make sure to also set SSLEngine to on in /etc/httpd/conf.modules.d/ssl.conf, like the following:

SSLEngine on
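As an added illustration (not part of the SCAP Security Guide rule or its OVAL check), the following POSIX shell helper audits an httpd ssl.conf for the two settings above: it evaluates the effective SSLProtocol argument list and confirms that SSLv2, SSLv3, TLSv1 and TLSv1.1 are all disabled and that SSLEngine is on. The function names and the sample file contents are constructed for this example.

```shell
# Constructed audit helper for this rule (not the SCAP Security Guide's own
# OVAL check): reports whether an httpd ssl.conf disables SSLv2, SSLv3,
# TLSv1 and TLSv1.1 and sets "SSLEngine on".

# enabled_protocols TOKEN... : prints the protocol versions left enabled
# after applying an SSLProtocol argument list in order. "+X"/"-X" add or
# remove X, "all"/"-all" select or clear everything; an unprefixed name is
# treated as an addition (a simplification of mod_ssl's exact precedence).
enabled_protocols() {
    on=""
    for tok in "$@"; do
        case "$tok" in
            all|+all) on="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" ;;
            -all)     on="" ;;
            -*)       on=$(echo "$on" | tr ' ' '\n' | grep -vixF -- "${tok#-}" | tr '\n' ' ') ;;
            +*)       on="$on ${tok#+}" ;;
            *)        on="$on $tok" ;;
        esac
    done
    echo "$on"
}

# check_tls_conf FILE : returns 0 when FILE satisfies the rule, 1 otherwise.
# Comments are stripped; when SSLProtocol is repeated, the last one wins.
check_tls_conf() {
    file="$1"; rc=0
    proto=$(sed 's/#.*//' "$file" | grep -i '^[[:space:]]*SSLProtocol[[:space:]]' | tail -n 1)
    if [ -z "$proto" ]; then
        echo "FAIL: $file has no SSLProtocol directive"; rc=1
    else
        set -- $proto; shift            # keep only the directive's arguments
        for old in SSLv2 SSLv3 TLSv1 TLSv1.1; do
            if enabled_protocols "$@" | tr ' ' '\n' | grep -qixF -- "$old"; then
                echo "FAIL: $file leaves $old enabled"; rc=1
            fi
        done
    fi
    if ! sed 's/#.*//' "$file" | grep -iq '^[[:space:]]*SSLEngine[[:space:]]\{1,\}on[[:space:]]*$'; then
        echo "FAIL: $file does not set SSLEngine on"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: $file"
    return "$rc"
}

# Demo on a constructed sample file, not a real host's ssl.conf.
sample=$(mktemp)
printf 'SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n' > "$sample"
check_tls_conf "$sample"
rm -f "$sample"
```

Point check_tls_conf at the real /etc/httpd/conf.modules.d/ssl.conf to audit a host; a configuration that re-enables a legacy version later in the same directive (for example "all -TLSv1 +TLSv1") is reported as a failure.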
Rationale
Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information is essential to ensuring data confidentiality. If private information is not encrypted, it can be intercepted and easily read by an unauthorized party. A web server must use a FIPS 140-2 approved TLS version, and all non-FIPS-approved SSL versions must be disabled.
ID: xccdf_org.ssgproject.content_rule_httpd_configure_tls
Severity: Medium
References:
Updated: