Title

Firefox must be configured to allow only TLS 1.2 or above. (Cat I impact)

Discussion

Use of versions prior to TLS 1.2 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

Check Content

Type "about:policies" in the browser window. If "SSLVersionMin" is not displayed under Policy Name or the Policy Value is not "tls1.2" or "tls1.3", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.2 (or TLS 1.3) macOS "plist" file: Add the following: <key>SSLVersionMin</key> <string>tls1.2</string> (or <string>tls1.3</string>) Linux "policies.json" file: Add the following in the policies section: "SSLVersionMin": "tls1.2" or ("SSLVersionMin": "tls1.3")

Additional Identifiers

Rule ID: SV-251546r879889_rule

Vulnerability ID: V-251546

Group Title: SRG-APP-000560

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.