Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-221589 | DTBC-0056 | SV-221589r508655_rule | Medium |
Description |
---|
If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored. "tls1" = TLS 1.0 "tls1.1" = TLS 1.1 "tls1.2" = TLS 1.2 |
STIG | Date |
---|---|
Google Chrome Current Windows Security Technical Implementation Guide | 2020-09-22 |
Check Text ( C-23304r478211_chk ) |
---|
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.1", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.1", this is a finding. |
Fix Text (F-23293r478212_fix) |
---|
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.1 |