Firefox is configured to allow use of SSL 3.0.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57581 | DTBF-0002 | SV-71991r1_rule | Medium |
| Description |
|---|
| DoD implementations of SSL must use TLS 1.0 in accordance with the Network Infrastructure STIG. Earlier versions of SSL have known security vulnerabilities and are not authorized for use in DOD. Firefox has this set to on by default but this is not apparent in the GUI options screen. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58413r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference names are set and locked. “security.enable_ssl3”, set to “false”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62781r3_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “security.enable_ssl3”, set to “false”. |