Title

Chrome must be configured to allow only TLS. (Cat I impact)

Discussion

If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored. "tls1" = TLS 1.0 "tls1.1" = TLS 1.1 "tls1.2" = TLS 1.2

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.2", this is a finding.

Fix Text

Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.2

Additional Identifiers

Rule ID: SV-234701r850369_rule

Vulnerability ID: V-234701

Group Title: SRG-APP-000416

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.