The Firefox SSLV2 parameter is configured to allow use of SSL 3.0.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15982 | DTBF010 | SV-16924r3_rule | ECSC-1 | Medium |
| Description |
|---|
| Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2015-06-30 |
Details
| Check Text ( C-16609r2_chk ) |
|---|
| Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.enable_ssl3" and verify the value is set to "false". Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding. |
| Fix Text (F-15983r3_fix) |
|---|
| Set the preference "security.enable_ssl3" is set to "false" and lock using the Mozilla.cfg file. |