UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox deprecated ciphers must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251571 FFOX-00-000027 SV-251571r807185_rule Medium
Description
A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.
STIG Date
Mozilla Firefox Security Technical Implementation Guide 2021-12-01

Details

Check Text ( C-55006r807183_chk )
Type "about:policies" in the browser address bar.

If "DisabledCiphers" is not displayed under Policy Name or the Policy Value is not "TLS_RSA_WITH_3DES_EDE_CBC_SHA" with a value of "false", this is a finding.
Fix Text (F-54960r807184_fix)
Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Disabled Ciphers
Policy Name: TLS_RSA_WITH_3DES_EDE_CBC_SHA Update
Policy State: Disabled

macOS "plist" file:
Add the following:
DisabledCiphers

TLS_RSA_WITH_3DES_EDE_CBC_SHA



Linux "policies.json" file:
Add the following in the policies section:
"DisabledCiphers": {
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": false
}