Minimum Browser Security Settings for Accessing DoD Websites
On 23 June 2010, AKO converted to using only NIST / NIAP-approved Secure Sockets Layer (SSL) encryption. To ensure access to the Portal, it may be necessary to change individual browser settings. Specifically:
Only Internet Explorer 6 (or higher) and Mozilla Firefox browsers support the higher level of protection.
Browsers must be configured to support TLS 1.0.
For Internet Explorer 6 (or higher), go to: Tools > Internet Options> Advanced Tab, scroll down to the Security section and ensure that the Use TLS 1.0 option is checked, then click OK. If this option is not available, please ensure you install the latest updates for Microsoft Internet Explorer.
In Firefox, go to: Tools > Options > Advanced > Encryption and ensure that the Use TLS 1.0 box is checked, then click OK.
Local systems administrators need to verify that their browsers can support one of the following ciphers: AES 128, AES 256 or 3DES.
Q: How can I fix this?
A: We recommend you update your browser with all recommended patches. You can also check ERROR: “PAGE CANNOT BE DISPLAYED” for additional troubleshooting information.
Q: Why are these changes being made?
A: Army Reg 25-2, Sec 6-1B requires that all Unclassified and Sensitive Information systems use NIST/NIAP-approved SSL. AKO/DKO is making changes to support this requirement.
Q: How do I know if I need to make these changes?
A: If you use Microsoft Internet Explorer 6 or higher go to: Tools > Internet Options> Advanced Tab, scroll down to the Security section. If the “Use TLS 1.0” option is checked, you do not need to do anything. If it is not, check it and click OK.
If you use Mozilla Firefox, go to: Tools > Options > Advanced > Encryption. If the “Use TLS 1.0” box is checked, you do not need to do anything. If it is not, check it and click OK.
Q: What do I need to do to make my browsers compliant?
A: If you use Microsoft Internet Explorer 6 or higher , verify it is configured correctly. To do that, go to: Tools > Internet Options> Advanced Tab, scroll down to the Security section and ensure that the “Use TLS 1.0” option is checked, then click OK. If this option is not available, please ensure you have the latest updates for Microsoft Internet Explorer and then try again.
If you use Mozilla Firefox, go to: Tools > Options > Advanced > Encryption and ensure that the “Use TLS 1.0” box is checked, then click OK.
Q: What happens if I don’t make these changes?
A: You will not be able to access AKO or any of its related services (e.g., IM, Webmail, files).
Q: What is SSL?
A: SSL, which stands for Secure Sockets Layer, is a commonly used method for managing the security of a message transmission on the Internet.
Q: What about non-Web browser services like IMAP/POP?
A: All AKO/DKO Services like Portal, Webmail, and IM as well as e-mail based services like IMAP and POP will use only NIST/NIAP-approved SSL algorithms. Check your application’s vendor documentation to ensure it is capable of using NIST/NIAP-approved cryptographic algorithms.
Leave a Reply