UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Chrome must be configured to allow only TLS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-81583 DTBC-0056 SV-96297r3_rule Medium
Description
If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored. "tls1" = TLS 1.0 "tls1.1" = TLS 1.1 "tls1.2" = TLS 1.2
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2019-10-04

Details

Check Text ( C-81333r3_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.1", this is a finding.
Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.1", this is a finding.
Fix Text (F-88409r4_fix)
Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Minimum SSL version enabled
Policy State: Enabled
Policy Value: TLS 1.1