UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IE SSL/TLS parameter must be set correctly.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6238 DTBI014 SV-43158r1_rule ECSC-1 Medium
Description
This parameter ensures only DoD approved ciphers and algorithms are enabled for use by the web browser. TLS and SSL are protocols for protecting communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions and pick the most preferred match.
STIG Date
Internet Explorer 8 STIG 2012-11-29

Details

Check Text ( C-41146r3_chk )
Procedures: Open Internet Explorer. From the menu bar select Tools. From the Tools dropdown menu, select the Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category, verify a check mark is placed in the "Use SSL 3.0" and "Use TLS 1.0" checkboxes. Verify there is not a check placed in the checkbox for SSL 2.0.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Criteria: If the value SecureProtocols is REG_DWORD = a0 (hex), this is not a finding. If the value SecureProtocols is REG_DWORD = a8 (hex), this is a finding.

NOTE: Use of TLS 1.1 and 1.2 are permissible in connection with SSl 3.0 and TLS 1.0.
Fix Text (F-36694r3_fix)
Check mark the options to enable "SSL 3.0" and "TLS 1.0" in the Internet Explorer Options, Advanced page. Uncheck the box option for SSL 2.0. Change registry key

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings so that value SecureProtocols is REG_DWORD a0 (hex).

NOTE: Use of TLS 1.1 and 1.2 are permissible in connection with SSl 3.0 and TLS 1.0.