Firefox must be configured to allow only TLS.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15983	DTBF030	SV-16925r6_rule		Medium

Description
Use of versions prior to TLS 1.1 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2018-09-17

Details

Check Text ( C-16610r6_chk )
Open a browser window, type "about:config" in the address bar. Verify Preference Name "security.enable_tls" is set to the value "true" and locked. Verify Preference Name "security.tls.version.min" is set to the value "2" and locked. Verify Preference Name "security.tls.version.max" is set to the value "3" and locked. Criteria: If the parameters are set incorrectly, then this is a finding. If the settings are not locked, then this is a finding.

Check Text ( C-16610r6_chk )

Open a browser window, type "about:config" in the address bar.

Verify Preference Name "security.enable_tls" is set to the value "true" and locked.
Verify Preference Name "security.tls.version.min" is set to the value "2" and locked.
Verify Preference Name "security.tls.version.max" is set to the value "3" and locked.

Criteria: If the parameters are set incorrectly, then this is a finding.

If the settings are not locked, then this is a finding.

Fix Text (F-15984r6_fix)
Configure the following parameters using the Mozilla.cfg file: LockPref "security.enable_tls" is set to "true". LockPref "security.tls.version.min" is set to "2". LockPref "security.tls.version.max" is set to "3".