UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox must be configured to allow only TLS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15983 DTBF030 SV-16925r3_rule Medium
Description
Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.
STIG Date
Mozilla Firefox 2016-06-28

Details

Check Text ( C-16610r3_chk )
Open a browser window, type "about:config" in the address bar.

Verify Preference Name "security.enable_tls" is set to the value "true" and locked.
Verify Preference Name "security.enable_ssl2" is set to the value "false" and locked.
Verify Preference Name "security.enable_ssl3" is set to the value "false" and locked.
Verify Preference Name "security.tls.version.min" is set to the value "1" and locked.
Verify Preference Name "security.tls.version.max" is set to the value "3" and locked.

Criteria: If the parameters are set incorrectly, then this is a finding.

If the settings are not locked, then this is a finding.
Fix Text (F-15984r3_fix)
Configure the following parameters using the Mozilla.cfg file:

LockPref "security.enable_tls" is set to "true".
LockPref "security.enable_ssl2" is set to "false".
LockPref "security.enable_ssl3" is set to "false".
LockPref "security.tls.version.min" is set to "1".
LockPref "security.tls.version.max" is set to "3".