Vulnerability Details
Severity: Medium
Category: Network
Description
The server supports outdated TLS versions (TLS 1.0, TLS 1.1) or weak cipher suites that are vulnerable to known cryptographic attacks.
Risks
An attacker could exploit weak cryptography to decrypt communications, perform downgrade attacks (e.g., POODLE, BEAST), or intercept sensitive data transmitted over the connection.
Remediation
Disable TLS 1.0 and TLS 1.1. Only enable TLS 1.2 and TLS 1.3 with strong cipher suites. Disable weak ciphers (RC4, DES, 3DES). Prefer forward-secrecy cipher suites (ECDHE). Regularly test with SSL Labs or similar tools.
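The remediation above, sketched with Python's standard `ssl` module as an added example (not part of the original finding): a server context restricted to TLS 1.2+ with ECDHE AEAD suites, and a check that flags legacy protocol floors, RC4/DES/3DES suites and non-forward-secret key exchange. The function names and the weak sample configuration are constructed for illustration.

```python
import ssl

# "DES" also matches 3DES suite names such as DES-CBC3-SHA
WEAK_TOKENS = ("RC4", "DES")

# Constructed sample of a legacy configuration, used to exercise the audit
WEAK_SAMPLE_MIN = ssl.TLSVersion.TLSv1
WEAK_SAMPLE_CIPHERS = ["RC4-SHA", "DES-CBC3-SHA", "AES128-SHA",
                       "ECDHE-RSA-AES128-GCM-SHA256"]


def hardened_context():
    """Server context following the remediation: TLS 1.2+ and ECDHE suites only.
    A real server must still call load_cert_chain() before accepting connections."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # disables TLS 1.0 and 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!DES:!3DES")
    return ctx


def audit(min_version, cipher_names):
    """Return one finding per policy violation; an empty list means compliant."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"protocol: minimum version {min_version.name} is below TLS 1.2")
    for name in cipher_names:
        if any(tok in name for tok in WEAK_TOKENS):
            findings.append(f"weak cipher: {name}")
        # TLS 1.3 suites (TLS_*) always use ephemeral key exchange;
        # TLS 1.2 suites must be ECDHE to provide forward secrecy.
        elif not name.startswith(("TLS_", "ECDHE-")):
            findings.append(f"no forward secrecy: {name}")
    return findings


def audit_context(ctx):
    """Audit the protocol floor and enabled suites of an existing SSLContext."""
    return audit(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_context()) or "no findings")
    for finding in audit(WEAK_SAMPLE_MIN, WEAK_SAMPLE_CIPHERS):
        print("legacy sample:", finding)
```

This checks local configuration only; an external scan such as SSL Labs is still needed to confirm what the deployed endpoint actually negotiates.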