The Firefox SSLV2 parameter is configured to allow use of SSL 2.0.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15982 | DTBF010 | SV-16924r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. SSL 2.0 setting does not appear in the Options dialog and must be disabled using About:Config. |
| STIG | Date |
|---|---|
| Mozilla FireFox | 2014-07-03 |
Details
| Check Text ( C-16609r1_chk ) |
|---|
| Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.enable_ssl2" and verify the value is set to "false". Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding. |
| Fix Text (F-15983r2_fix) |
|---|
| Set the preference "security.enable_ssl2" is set to "false" and lock using the Mozilla.cfg file. |