{"description": "Because HTTP is a plain text protocol, all traffic is susceptible to passive\nmonitoring. If there is a need for confidentiality, SSL should be configured\nand enabled to encrypt content.\n<br /><br />\nNote: <tt>mod_nss</tt> is a FIPS 140-2 certified alternative to <tt>mod_ssl</tt>.\nThe modules share a considerable amount of code and should be nearly identical\nin functionality. If FIPS 140-2 validation is required, then <tt>mod_nss</tt> should\nbe used. If it provides some feature or its greater compatibility is required,\nthen <tt>mod_ssl</tt> should be used.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["httpd_configure_tls", "httpd_configure_valid_server_cert", "httpd_install_mod_ssl", "httpd_require_client_certs"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Deploy mod_ssl", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/group.yml"}