Description
TLS version 1.1 is known to have several security vulnerabilities and weaknesses, rendering it insecure for use.
Recommendation
To enhance security, disable TLS 1.1 and upgrade to more secure protocols such as TLS 1.2 or TLS 1.3.
References
- OWASP: Transport Layer Protection Cheat Sheet
- NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
- CWE-16
- CWE-326
- OWASP 2021-A2
- OWASP 2021-A5
Related Issues
- TLS 1.0 enabled - Vulnerability
- SSL 3 enabled - Vulnerability
- SSL 2 enabled - Vulnerability
- CRIME (SSL/TLS) attack - CVE-2012-4929
You might also like:
- Tags:
- SSL/TLS
- Encryption
- Server Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024