Firefox deprecated ciphers must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251571	FFOX-00-000027	SV-251571r879587_rule		Medium

Description
A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2023-06-05

Details

Check Text ( C-55006r820760_chk )
Type "about:policies" in the browser address bar. If "DisabledCiphers" is not displayed under Policy Name or the Policy Value is not "TLS_RSA_WITH_3DES_EDE_CBC_SHA" with a value of "true", this is a finding.

Fix Text (F-54960r820761_fix)
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Disabled Ciphers Policy Name: TLS_RSA_WITH_3DES_EDE_CBC_SHA Policy State: Enabled macOS "plist" file: Add the following: DisabledCiphers TLS_RSA_WITH_3DES_EDE_CBC_SHA Linux "policies.json" file: Add the following in the policies section: "DisabledCiphers": { "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true }

Fix Text (F-54960r820761_fix)

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Disabled Ciphers
Policy Name: TLS_RSA_WITH_3DES_EDE_CBC_SHA
Policy State: Enabled

macOS "plist" file:
Add the following:
DisabledCiphers

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Linux "policies.json" file:
Add the following in the policies section:
"DisabledCiphers": {
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": true
}