I have configured my Django website on Apache to run on the HTTPS protocol. And it is running as expected on
But in the VAPT test, we are getting “Transmission of Credential in Clear text”. We have enabled SSL and used a cipher as well, which is shown below.
```apache
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 8080

SSLProtocol -all +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GC:DES-CBC3-SHA$

WSGIPythonPath "E:/Python/Django channels/real_time_table/"

<VirtualHost *:8080>
    ServerAdmin firstname.lastname@example.org

    <Location "/retail/ws/home">
        ProxyPass "wss://xx.xx.xx.xx:8081/retail/ws/home"
    </Location>

    WSGIScriptAlias / "E:/Python/Django channels/real_time_table/real_time_table/wsgi.py"
    DocumentRoot "E:/Python/Django channels/real_time_table"

    <Directory "E:/Python/Django channels/real_time_table/">
        <Files wsgi.py>
            AllowOverride All
            Require all granted
        </Files>
    </Directory>

    <Directory "E:/Python/Django channels/real_time_table/app/static">
        Require all granted
    </Directory>
    Alias /static "E:/Python/Django channels/real_time_table/app/static"

    SSLEngine on
    SSLCertificateFile "E:/Python/Django channels/real_time_table/cert/Wildcard_Jan19.crt"
    SSLCertificateKeyFile "E:/Python/Django channels/real_time_table/cert/wildcard_jan19_new.key"

    ErrorLog "E:/Python/Django channels/real_time_table/log/error.log"
    CustomLog "E:/Python/Django channels/real_time_table/log/access.log" common
</VirtualHost>
```
What else should we do in the Apache configuration to pass the credentials in encrypted form?
As I’m new to this, I tried to provide all the necessary information as best I could. Feel free to ask for more details to solve this issue.
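Added example, not part of the original post: a small Python audit of an Apache config that lists the places where traffic could still travel unencrypted (a vhost without `SSLEngine on`, a `ProxyPass` to `http://` or `ws://`) and flags legacy ciphers such as the `DES-CBC3-SHA` (3DES) entry in the suite above. The sample config is constructed from the directives in the question plus a hypothetical plain-HTTP vhost and `backend.example` host; `audit` is an illustrative name.

```python
import re

# Constructed sample: directives from the question plus a hypothetical
# plain-HTTP vhost and backend host, added to show what gets flagged.
SAMPLE = '''
Listen 8080
Listen 80
SSLProtocol -all +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:DES-CBC3-SHA
<VirtualHost *:8080>
    <Location "/retail/ws/home">
        ProxyPass "wss://xx.xx.xx.xx:8081/retail/ws/home"
    </Location>
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ProxyPass "/api" "http://backend.example:9000/api"
</VirtualHost>
'''

# Cipher name components that mark a legacy or broken suite.
WEAK_CIPHER = re.compile(r"(^|[-+])(3DES|DES|RC4|NULL|EXP|MD5)([-+]|$)", re.I)

def audit(conf):
    """Return (listen_ports, findings) for an Apache config given as text."""
    findings, ports, vhost, ssl_on = [], set(), None, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            vhost, ssl_on = m.group(1).strip(), False
        elif re.match(r"</VirtualHost>", line, re.I):
            if not ssl_on:
                findings.append(f"vhost {vhost}: no 'SSLEngine on', serves plain HTTP")
            vhost = None
        elif re.match(r"SSLEngine\s+on\b", line, re.I):
            ssl_on = True
        elif re.match(r"Listen\s", line, re.I):
            ports.add(line.split()[1])
        elif re.match(r"SSLCipherSuite\s", line, re.I):
            for c in line.split(None, 1)[1].strip('"').split(":"):
                # Entries prefixed with ! or - remove ciphers, so skip them.
                if not c.startswith(("!", "-")) and WEAK_CIPHER.search(c):
                    findings.append(f"weak cipher enabled: {c}")
        elif re.match(r"ProxyPass\s", line, re.I):
            for target in re.findall(r'\b((?:http|ws)://[^\s"]+)', line):
                findings.append(f"vhost {vhost}: cleartext proxy hop {target}")
    return ports, findings
```

Every port returned in `listen_ports` should belong to a vhost that does not appear in the findings; a port that is only meant to redirect to HTTPS will still be reported and needs a manual look.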