Firefox must be configured to allow only TLS 1.2 or above.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251546	FFOX-00-000002	SV-251546r820745_rule		High

Description
Use of versions prior to TLS 1.2 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2022-09-09

Details

Check Text ( C-54981r820743_chk )
Type "about:policies" in the browser window. If "SSLVersionMin" is not displayed under Policy Name or the Policy Value is not "tls1.2" or "tls1.3", this is a finding.

Fix Text (F-54935r820744_fix)
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.2 (or TLS 1.3) macOS "plist" file: Add the following: SSLVersionMin tls1.2 (or tls1.3) Linux "policies.json" file: Add the following in the policies section: "SSLVersionMin": "tls1.2" or ("SSLVersionMin": "tls1.3")

Fix Text (F-54935r820744_fix)

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Minimum SSL version enabled
Policy State: Enabled
Policy Value: TLS 1.2 (or TLS 1.3)

macOS "plist" file:
Add the following:
SSLVersionMin
tls1.2 (or tls1.3)

Linux "policies.json" file:
Add the following in the policies section:
"SSLVersionMin": "tls1.2" or ("SSLVersionMin": "tls1.3")