Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-46473 | DTBI014-IE11 | SV-59337r1_rule | ECSC-1 | Medium |
Description |
---|
This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser. TLS and SSL are protocols for protecting communications between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other's list of supported protocols and versions and pick the most preferred match. |
STIG | Date |
---|---|
Microsoft Internet Explorer 11 Security Technical Implementation Guide | 2014-05-13 |
Check Text ( C-49683r5_chk ) |
---|
Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the "Advanced" tab, from the Advanced tab window scroll down to the Security category. Verify a check mark is placed in 'Use SSL 3.0' and 'Use TLS 1.0' or higher checkboxes. Verify there is not a check placed in the checkbox for 'Use SSL 2.0'. If 'Use SSL 2.0' is checked, then this is a finding. The policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Advanced Page-> 'Turn off Encryption Support' must be 'Enabled' and ensure the options selected include 'Use SSL 3.0 and TLS 1.0 or higher' from the drop down box. If the selected options contain 'SSL 2.0', then this is a finding. |
Fix Text (F-50263r5_fix) |
---|
Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the "Advanced" tab, from the Advanced tab window scroll down to the Security category. Place a check mark in 'Use SSL 3.0' and 'Use TLS 1.0' or higher checkboxes. Uncheck 'Use SSL 2.0' option. Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer-> Internet Control Panel-> Advanced Page-> 'Turn off Encryption Support' to 'Enabled', and select 'Use SSL 3.0 and TLS 1.0' or higher from the drop down box. Ensure the option does not include 'SSL 2.0'. |