
Chrome must be configured to allow only TLS.


Overview

Finding ID: V-234701
Version: DTBC-0056
Rule ID: SV-234701r850369_rule
IA Controls:
Severity: High
Description
If this policy is not configured, Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions lower than the specified version. An unrecognized value will be ignored.
"tls1" = TLS 1.0
"tls1.1" = TLS 1.1
"tls1.2" = TLS 1.2
STIG: Google Chrome Current Windows Security Technical Implementation Guide
Date: 2022-09-09

Details

Check Text (C-37887r850367_chk)
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding.
Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.2", this is a finding.
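
The Windows method above can be scripted for use across many hosts. The following PowerShell is an added example, not part of the STIG: the key path, value name and required data come from the check text, while the function name Test-ChromeSslVersionMin, the output fields and the exact-case string comparison are assumptions.

```powershell
# Added example (not part of the STIG): scripted form of the Windows check.
# Key path, value name and required data are taken from the check text;
# the function name and output fields are illustrative.
function Test-ChromeSslVersionMin {
    param(
        [string]$Path      = 'HKLM:\Software\Policies\Google\Chrome',
        [string]$ValueName = 'SSLVersionMin',
        [string]$Required  = 'tls1.2'
    )

    $actual = $null
    if (-not (Test-Path -LiteralPath $Path)) {
        $reason = 'Policy key does not exist, so the policy is not configured.'
    }
    else {
        # A missing value name yields no object instead of a terminating error.
        $item = Get-ItemProperty -LiteralPath $Path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $reason = 'Value name does not exist, so the policy is not configured.'
        }
        else {
            $actual = $item.$ValueName
            if ($actual -isnot [string]) {
                $reason = 'Value data is not a string.'
            }
            elseif ($actual -ceq $Required) {      # assumption: exact-case match
                $reason = $null
            }
            elseif ($actual -cin 'tls1', 'tls1.1') {
                $reason = 'Configured minimum version is below TLS 1.2.'
            }
            else {
                $reason = 'Not a value listed in the description; unrecognized values are ignored.'
            }
        }
    }

    [pscustomobject]@{
        FindingId = 'V-234701'
        ValueName = $ValueName
        Actual    = $actual
        IsFinding = ($null -ne $reason)
        Reason    = $reason
    }
}

$check = Test-ChromeSslVersionMin
$check
if ($check.IsFinding) { exit 1 }   # non-zero exit lets a scheduler flag the host
```
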
Fix Text (F-37849r850368_fix)
Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Minimum SSL version enabled
Policy State: Enabled
Policy Value: TLS 1.2