Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15983 | DTBF030 | SV-16925r1_rule | ECSC-1 | Medium |
Description |
---|
DoD implementations of SSL must use TLS 1.0 in accordance with the Network Infrastructure STIG. Earlier versions of SSL have known security vulnerabilities and are not authorized for use in DOD. |
STIG | Date |
---|---|
Mozilla FireFox | 2013-04-08 |
Check Text ( C-16610r1_chk ) |
---|
Open a browser window, type "about:config" in the address bar. Verify Preference Name "security.enable_tls" is set to the value "true" and locked. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
Fix Text (F-15984r1_fix) |
---|
Ensure the preference value of "security.enable_tls" is set to "true" and locked. |