UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox is configured to allow use of SSL 2.0.


Overview

Finding ID Version Rule ID IA Controls Severity
V-57605 DTBF-0003 SV-72015r1_rule Medium
Description
Use of versions prior to TLS 1.0 is not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. SSL 2.0 setting does not appear in the Options dialog and must be disabled using about:config.
STIG Date
Mozilla Firefox 2017-03-22

Details

Check Text ( C-58437r1_chk )
Procedure:
In about:config, verify that the setting for the following Preference Name’s are set and locked.

“security.enable_ssl2", set to "false”.

Criteria:
If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding.
Fix Text (F-62805r1_fix)
Set and lock the following preferences using the “Mozilla.cfg” file:
“security.enable_ssl2”, set to “false”.