Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Firefox SSLV2 parameter is configured to allow use of SSL 2.0.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15982 | DTBF010 | SV-16924r4_rule | ECSC-1 | Medium |
| Description |
|---|
| Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2015-12-30 |
Details
| Check Text ( C-16609r4_chk ) |
|---|
| Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.enable_ssl2" and verify the value is set to "false". Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding. Note: Newer versions may not show "security.enable_ssl2" and may be replaced with “security.tls.version.min” instead. Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.tls.version.min" and set the value to “1” and locked. Criteria: If the value of "security.tls.version.min" is “1”, this is not a finding. If the value is locked, this is not a finding. |
| Fix Text (F-15983r5_fix) |
|---|
| Set the preference "security.enable_ssl2" is set to "false" and lock using the Mozilla.cfg file. For newer versions, set the preference "security.tls.version.min" to “1” and lock using the Mozilla.cfg file. |