STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM WebSphere Liberty Server Security Technical Implementation Guide

V-250347

CAT II (Medium)

The WebSphere Liberty Server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

Rule ID

SV-250347r961632_rule

STIG

IBM WebSphere Liberty Server Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-002418

Discussion

Export grade encryption suites are not strong and do not meet DoD requirements. The encryption for the session becomes easy for the attacker to break. Do not use export grade encryption.

Check Content

Review the ${server.config.dir}/server.xml file and check the "enabledCiphers" setting. If any of the ciphers specified in the enabledCiphers setting contains the word "EXPORT", this is a finding. 

<ssl id="myDefaultSSLConfig"
       keyStoreRef="defaultKeyStore"
       trustStoreRef="defaultTrustStore"
       clientAuthentication="true"
       sslProtocol="TLS" 
       enabledCiphers="SSL_xxx_yyy_zzz"/>

Fix Text

Review the ${server.config.dir}/server.xml file and if needed, modify the "enabledCiphers" setting for each affected SSL configuration.

<ssl id="myDefaultSSLConfig"
       keyStoreRef="defaultKeyStore"
       trustStoreRef="defaultTrustStore"
       clientAuthentication="true"
       sslProtocol="TLS" 
       enabledCiphers="SSL_xxx_yyy_zzz"/> 

where xxx, yyy, and zzz do not contain "EXPORT".