TLS Version 1.0 Protocol Detection

Info Nessus Plugin ID 104743

Synopsis

The remote service encrypts traffic using an older version of TLS.

Description

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are designed against these flaws and should be used whenever possible.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Solution

Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.

Plugin Details

Severity: Info

ID: 104743

File Name: tls10_detection.nasl

Version: 1.5

Type: remote

Published: 2017/11/22

Modified: 2018/07/11

Dependencies: 21643

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: SSL/Supported