Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-64729 | DTBI1100-IE11 | SV-79219r1_rule | | Medium |
Description |
---|
This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by blocking an insecure fallback to SSL when TLS 1.0 or greater fails. |
STIG | Date |
---|---|
Microsoft Internet Explorer 11 Security Technical Implementation Guide | 2015-12-18 |
Check Text (C-65471r2_chk) |
---|
Open Internet Explorer. From the menu bar, select "Tools". From the "Tools" drop-down menu, select "Internet Options". From the "Internet Options" window, select the "Advanced" tab. From the "Advanced" tab window, scroll down to the "Security" category. Verify there is not a check placed in the check box for "Use SSL 2.0" or "Use SSL 3.0". If "Use SSL 2.0" or "Use SSL 3.0" is checked, this is a finding. The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" must be "Enabled", with "No Sites" selected from the drop-down box. If "Allow fallback to SSL 3.0 (Internet Explorer)" is not "Enabled", or any drop-down option other than "No Sites" is selected, this is a finding. |
Fix Text (F-70659r2_fix) |
---|
Open Internet Explorer. From the menu bar, select "Tools". From the "Tools" drop-down menu, select "Internet Options". From the "Internet Options" window, select the "Advanced" tab. From the "Advanced" tab window, scroll down to the "Security" category. Uncheck the "Use SSL 2.0" and "Use SSL 3.0" options. Set the policy value for Computer Configuration >> Administrative Templates >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" to "Enabled", and select "No Sites" from the drop-down box. |