← Back to Mozilla Firefox Security Technical Implementation Guide

V-251546

CAT I (High)

Firefox must be configured to allow only TLS 1.2 or above.

Rule ID

SV-251546r961869_rule

STIG

Mozilla Firefox Security Technical Implementation Guide

Version

V6R7

CCIs

CCI-001453

Discussion

Use of versions prior to TLS 1.2 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

Check Content

Type "about:policies" in the browser window. 

If "SSLVersionMin" is not displayed under Policy Name or the Policy Value is not "tls1.2" or "tls1.3", this is a finding.

Fix Text

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Minimum SSL version enabled
Policy State: Enabled
Policy Value: TLS 1.2   (or TLS 1.3)

macOS "plist" file:
Add the following:
<key>SSLVersionMin</key>
<string>tls1.2</string>   (or <string>tls1.3</string>)

Linux "policies.json" file:
Add the following in the policies section:
"SSLVersionMin": "tls1.2"   or ("SSLVersionMin": "tls1.3")