TLS 1.1 enabled
Impact: Low
Description
TLS version 1.1 is known to have several security vulnerabilities and weaknesses, rendering it insecure for use.
Recommendation
To enhance security, disable TLS 1.1 and upgrade to more secure protocols such as TLS 1.2 or TLS 1.3.
References
- CWE-16
- CWE-326
- NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
- OWASP 2021-A5
- OWASP: Transport Layer Protection Cheat Sheet
👉 You might also like:
TLS 1.0 enabled - Vulnerability
SSL 2 enabled - Vulnerability
SSL 3 enabled - Vulnerability
No Redirection from HTTP to HTTPS - Vulnerability
Last updated on May 13, 2024