Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15982 | DTBF010 | SV-16924r3_rule | ECSC-1 | Medium |
Description |
---|
Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. |
STIG | Date |
---|---|
Mozilla Firefox | 2015-06-30 |
Check Text ( C-16609r2_chk ) |
---|
Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.enable_ssl3" and verify the value is set to "false". Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding. |
Fix Text (F-15983r3_fix) |
---|
Set the preference "security.enable_ssl3" is set to "false" and lock using the Mozilla.cfg file. |