FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.

Information

Use of versions prior to TLS 1.2 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Minimum SSL version enabled
Policy State: Enabled
Policy Value: TLS 1.2

macOS 'plist' file:
Add the following:
<key>SSLVersionMin</key>
<string>tls1.2</string>

Linux 'policies.json' file:
Add the following in the policies section:
'SSLVersionMin': tls1.2

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

Item Details

References: CAT|I, CCI|CCI-001453, Rule-ID|SV-251546r807110_rule, STIG-ID|FFOX-00-000002, Vuln-ID|V-251546

Plugin: Windows

Control ID: 333c54111e5174696bf5b5b0e423700e703a2b3bef04fb2efd57f9e33ca8b917