Details

A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.

Solution

Windows group policy:
1. Open the group policy editor tool with ‘gpedit.msc’.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefoxDisabled Ciphers
Policy Name: TLS_RSA_WITH_3DES_EDE_CBC_SHA Update
Policy State: Disabled

macOS ‘plist’ file:
Add the following:
DisabledCiphers

TLS_RSA_WITH_3DES_EDE_CBC_SHA

Linux ‘policies.json’ file:
Add the following in the policies section:
‘DisabledCiphers’: {
‘TLS_RSA_WITH_3DES_EDE_CBC_SHA’: false
}

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-251571r807185_rule
• STIG-ID|FFOX-00-000027
• Vuln-ID|V-251571

Source

• Tenable.com/audits