Firefox is configured to allow use of SSL 2.0.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57605 | DTBF-0003 | SV-72015r1_rule | Medium |
| Description |
|---|
| Use of versions prior to TLS 1.0 is not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. SSL 2.0 setting does not appear in the Options dialog and must be disabled using about:config. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58437r1_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “security.enable_ssl2", set to "false”. Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding. |
| Fix Text (F-62805r1_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “security.enable_ssl2”, set to “false”. |