TLS Version 1.0 Protocol Detection.txt - HĐ 1511/2023/HĐKT/CAT-ELCOM-VNPT (CAMERA HUẾ) - Hệ thống quản lý sự cố/feedback ELCOM

Feature #339 » TLS Version 1.0 Protocol Detection.txt

Tăng Bá Thiện , 05/02/2024 09:12 AM

 - TLS Version 1.0 Protocol Detection
       Synopsis
       The remote service encrypts traffic using an older version of TLS.
       Description
       The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
       As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
       PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
       See Also
       https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
       Solution
       Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
       Risk Factor
       Medium
       CVSS v3.0 Base Score
 .5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
       CVSS v2.0 Base Score
 .1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
       References
       XREF	CWE:327
       Plugin Information
       Published: 2017/11/22, Modified: 2023/04/19
       Plugin Output
       tcp/443/www
       TLSv1 is enabled and the server supports at least one cipher.

(2-2/5)