TLS Version 1.1 Protocol Deprecated
Fabien edited this page May 22, 2024 · 1 revision
TLS version 1.1 has been deprecated due to inherent security vulnerabilities and the availability of more secure versions, such as TLS 1.2 and TLS 1.3. Continuing to use TLS 1.1 can expose data transmissions to increased security risks.
- Severity: High
- Vulnerability to Cyber Attacks: Continuing to support TLS 1.1 can leave an organization susceptible to newer types of cryptographic attacks that older protocols are not designed to withstand.
- Non-Compliance Risks: Many industry standards and regulations, such as PCI DSS, now require the use of TLS 1.2 or later. Non-compliance can lead to penalties and increased scrutiny.
- Reduced Data Security: Using deprecated protocols can result in compromised data integrity and confidentiality during transmission.
- Outdated Configurations: Lack of regular updates to network configurations can lead to continued support of deprecated protocols like TLS 1.1.
- Compatibility Requirements: Some organizations may delay deprecating older TLS versions to maintain compatibility with legacy systems or third-party services that have not yet upgraded.
Ensuring that all system components and client applications use TLS 1.2 or higher is critical to maintaining secure communications.
- Update Server Configurations:
  - Modify server settings to disable TLS 1.1 and enable support for TLS 1.2 and TLS 1.3.

    For Apache:

    ```apache
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
    SSLHonorCipherOrder on
    ```

    For Nginx:

    ```nginx
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'HIGH:!aNULL:!MD5:!RC4';
    ssl_prefer_server_ciphers on;
    ```
- Client Software Updates:
  - Ensure that any client software interacting with your servers supports at least TLS 1.2. This may involve software upgrades or patches.
- Monitoring and Testing:
  - Regularly test your TLS configuration to ensure compliance with the latest security standards. Tools like SSL Labs' SSL Test can be used to verify that TLS 1.1 is disabled.
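To complement external scans, the Apache and Nginx directives shown above can also be checked offline in configuration files. The following is an added example, not part of the original wiki page: the function names, the expansion of `all`, and the rule that an unprefixed `SSLProtocol` token replaces the set built so far are assumptions of this sketch, and the sample lines are constructed.

```python
import re

DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: "all" expands to every version below (real set is build-dependent).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}


def apache_protocols(value):
    """Evaluate an SSLProtocol value left to right: "+" adds, "-" removes,
    and an unprefixed token replaces whatever was enabled before it."""
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = ALL if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled


def audit(config_text):
    """Return (line_no, directive, deprecated_protocols) per offending line."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        # Drop trailing comments and the Nginx statement terminator.
        line = raw.split("#", 1)[0].strip().rstrip(";")
        m = re.match(r"(?i)(SSLProtocol|ssl_protocols)\s+(.+)", line)
        if not m:
            continue
        directive, value = m.groups()
        if directive.lower() == "sslprotocol":
            enabled = apache_protocols(value)
        else:  # Nginx ssl_protocols is a plain allow-list
            enabled = set(value.split())
        bad = sorted(enabled & DEPRECATED)
        if bad:
            findings.append((no, directive, bad))
    return findings


# Constructed sample lines, not taken from any real server.
SAMPLE = """\
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol all -SSLv3
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
"""
```

Calling `audit(SAMPLE)` reports lines 2 and 3, the two constructed lines that still leave TLS 1.1 enabled.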