TLS Version 1.1 Deprecated Protocol

medium Nessus Plugin ID 157288

Synopsis

The remote service encrypts traffic using an older version of TLS.

Description

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

Solution

Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.

See Also

https://datatracker.ietf.org/doc/html/rfc8996

http://www.nessus.org/u?c8ae820d

Plugin Details

Severity: Medium

ID: 157288

File Name: tls11_deprecated.nasl

Version: 1.4

Type: remote

Published: 4/4/2022

Updated: 5/14/2024

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Vulnerability Information

Required KB Items: SSL/Supported

Reference Information

CWE: 327