HTTPS connection uses outdated TLS version
Description
The target server does not support TLS version 1.2 or higher for HTTPS connections. This indicates the server is configured to use only outdated and deprecated versions of SSL/TLS protocols (such as SSL 2.0, SSL 3.0, TLS 1.0, or TLS 1.1), which contain known cryptographic weaknesses and are no longer considered secure for protecting sensitive data in transit.
Remediation
Update the web server configuration to support TLS 1.2 and TLS 1.3 as the minimum acceptable protocol versions, and explicitly disable all older SSL/TLS versions (SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1).
Configuration examples for common web servers:
Apache (httpd.conf or ssl.conf):
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
Nginx (nginx.conf):
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
IIS (via PowerShell):
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value 1 -PropertyType 'DWord'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord'
After making configuration changes, restart the web server and verify the changes using SSL/TLS testing tools such as SSL Labs' SSL Server Test (ssllabs.com/ssltest) to confirm that only TLS 1.2 and 1.3 are enabled.
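A static check can complement the external scan by catching a legacy protocol in the configuration file before the server is restarted. The following is an added example, not part of the original advisory: it evaluates the Apache SSLProtocol and Nginx ssl_protocols directives shown above and reports any line that still enables SSL 2.0, SSL 3.0, TLS 1.0 or TLS 1.1. The function names, the sample configuration, the expansion of Apache's "all" keyword, and the treatment of unprefixed Apache tokens as additive are assumptions made for this example.

```python
# Added example: audit Apache/Nginx protocol directives for deprecated versions.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: conservative superset of what Apache's "all" keyword enables.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
# Map case-insensitive spellings to one canonical name.
CANON = {p.lower(): p for p in APACHE_ALL | {"SSLv2"}}

def enabled_protocols(line):
    """Return the protocols one directive line enables, or None if unrelated."""
    parts = line.split("#", 1)[0].strip().rstrip(";").split()
    if not parts:
        return None
    directive, tokens = parts[0].lower(), parts[1:]
    if directive == "ssl_protocols":          # Nginx: plain list of versions
        return {CANON.get(t.lower(), t) for t in tokens}
    if directive != "sslprotocol":
        return None
    enabled = set()
    for tok in tokens:                        # Apache: evaluate left to right
        # Simplification: a token without +/- is treated as "+" (additive).
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        name = CANON.get(name.lower(), name)
        names = APACHE_ALL if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit(config_text):
    """Return [(line_number, [deprecated protocols])] for offending lines."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        protos = enabled_protocols(line)
        if protos is None:
            continue
        legacy = sorted(protos & DEPRECATED)
        if legacy:
            findings.append((lineno, legacy))
    return findings

# Constructed sample input mixing compliant and non-compliant directives.
SAMPLE = """\
# constructed sample configuration
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProtocol all -SSLv3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
"""

if __name__ == "__main__":
    for lineno, legacy in audit(SAMPLE):
        print(f"line {lineno}: deprecated protocols enabled: {', '.join(legacy)}")
```

A clean result from this check only covers the directives it parses; the live handshake test described above remains the confirmation that the running server negotiates TLS 1.2 and 1.3 only.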