Firefox is not configured to allow use of TLS 1.0 and above.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57607 | DTBF-0004 | SV-72017r1_rule | Medium |
| Description |
|---|
| DoD implementations of SSL must use TLS 1.0 in accordance with the Network Infrastructure STIG. Earlier versions of SSL have known security vulnerabilities and are not authorized for use in DOD. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58439r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “security.enable_tls”, set to “true”; “security.tls.version.min”, set to “1.0”. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
| Fix Text (F-62807r2_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “security.enable_tls”, set to “true”; “security.tls.version.min”, set to “1.0”. |