The IE SSL/TLS parameter must be set correctly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6238	DTBI014	SV-43157r2_rule	ECSC-1	Medium

Description
This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser. TLS and SSL are protocols for protecting communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions and pick the most preferred match.

Description

This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser. TLS and SSL are protocols for protecting communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions and pick the most preferred match.

STIG	Date
Microsoft IE Version 7	2014-07-03

Details

Check Text ( C-41145r5_chk )
Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Verify a check mark is placed in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. If so, this is acceptable and not a finding. Verify there is not a check placed in the check box for 'Use SSL 2.0'. If 'Use SSL 2.0' is checked, then this is a finding.

Check Text ( C-41145r5_chk )

Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Verify a check mark is placed in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. If so, this is acceptable and not a finding. Verify there is not a check placed in the check box for 'Use SSL 2.0'. If 'Use SSL 2.0' is checked, then this is a finding.

Fix Text (F-36693r5_fix)
Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Place a check mark in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. Uncheck 'Use SSL 2.0' option.

Fix Text (F-36693r5_fix)

Open Internet Explorer. From the menu bar, select Tools. From the Tools drop-down menu, select Internet Options. From the Internet Options window, select the Advanced tab, from the Advanced tab window scroll down to the Security category. Place a check mark in 'Use SSL 3.0' and 'Use TLS 1.0' check boxes. Check marks can also be placed in 'Use TLS 1.1' and/or 'Use TLS 1.2'. Uncheck 'Use SSL 2.0' option.