4.5 Set Security TLS Version Minimum

Information

This setting sets the minimum protocol version that may be used when negotiating TLS/SSL sessions.

Rationale:

Setting TLS 1.2 as the minimum protocol version mitigates the risk of negotiating an insecure protocol, such as TSL 1.0 or SSL 2.0.

Impact:

Communications that require an older version of TLS/SSL will be blocked.

Solution

To establish the recommended configuration, set security.tls.version.min to 3:

Type about:config in the address bar

Type security.tls.version.min in the filter

Ensure the setting is set as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('security.tls.version.min', 3);

Default Value:

3

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1), CSCv7|14.4

Plugin: Unix

Control ID: 04274919eff4ba664515a2a15831222ef73881fc07c70bc1bbc48cc072684537