4.6 Set SSL Override Behavior

Information

This setting controls whether Firefox automatically fills in the URL text box and fetches the certificate on the user's behalf. When Firefox encounters an invalid certificate and the user clicks 'Add Exception', a dialog is displayed with a text box for the URL from which the certificate is fetched.

Rationale:

Requiring the user to manually enter the server's URL and fetch the certificate may provide additional opportunity to scrutinize the certificate before adding an exception for a potentially fraudulent certificate.

Impact:

Setting this configuration to 0 forces the user to enter a URL and click the 'Get Certificate' button before adding an exception for an invalid certificate.

Solution

To establish the recommended configuration, set browser.ssl_override_behavior to 0:

Type about:config in the address bar

Type browser.ssl_override_behavior in the filter

Ensure the setting is set as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following line to mozilla.cfg:

lockPref('browser.ssl_override_behavior', 0);
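
A way to verify the mozilla.cfg route, shown as an added example that is not part of the CIS benchmark or the audit plugin: the function names are hypothetical. It assumes the last directive for the preference is the effective one, and it skips line 1 because AutoConfig ignores the first line of the file, so a lockPref placed there has no effect.

```python
import re

PREF = "browser.ssl_override_behavior"
# Matches pref(...), defaultPref(...) and lockPref(...) calls for PREF with an integer value.
CALL_RE = re.compile(
    r"\b(lockPref|defaultPref|pref)\s*\(\s*(['\"])"
    + re.escape(PREF) + r"\2\s*,\s*(-?\d+)\s*\)"
)


def strip_comments(text):
    """Blank out /* */ and // comments, keeping line breaks so line 1 stays line 1."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)


def audit_ssl_override(cfg_text):
    """Return (status, detail); status is pass, missing, not_locked or wrong_value."""
    # AutoConfig ignores the first line of the file, so drop it before matching.
    lines = strip_comments(cfg_text).splitlines()[1:]
    calls = CALL_RE.findall("\n".join(lines))
    if not calls:
        return "missing", f"no directive for {PREF} after line 1"
    # Assumption: directives run in file order, so the last one is effective.
    func, _quote, value = calls[-1]
    if int(value) != 0:
        return "wrong_value", f"{func} sets {value}, expected 0"
    if func != "lockPref":
        return "not_locked", f"{func} sets 0 but the user can still change it"
    return "pass", "lockPref sets 0"


if __name__ == "__main__":
    # Constructed sample file content, not taken from a real deployment.
    sample = (
        "// AutoConfig file: line 1 must be a comment\n"
        "pref('browser.ssl_override_behavior', 2);\n"
        "lockPref('browser.ssl_override_behavior', 0);\n"
    )
    print(audit_ssl_override(sample))
```
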

Default Value:

2

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 638eb7787de5ff92553a91d09ce219fc65705449a66bcba0d510f08871de0908