Firefox must be configured to allow only TLS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15983 | DTBF030 | SV-16925r4_rule | Medium |
| Description |
|---|
| Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-01-06 |
Details
| Check Text ( C-16610r4_chk ) |
|---|
| Open a browser window, type "about:config" in the address bar. Verify Preference Name "security.tls.version.min" is set to the value "1" and locked. Verify Preference Name "security.tls.version.max" is set to the value "3" and locked. Criteria: If the parameters are set incorrectly, then this is a finding. If the settings are not locked, then this is a finding. |
| Fix Text (F-15984r4_fix) |
|---|
| Configure the following parameters using the Mozilla.cfg file: LockPref "security.tls.version.min" is set to "1". LockPref "security.tls.version.max" is set to "3". |