DE

How to Disable Deprecated SSL Protocol Versions

In this article:

An SSL/TLS version offered by the server is outdated. The deprecated versions contain weak implementations that cannot be considered secure anymore. Make sure that your web server offers only recent and strong protocol versions.



Deprecated SSL Protocol Versions Security Assessment

Security Assessment Disable deprecated SSL Protocol Versions

CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Deprecated SSL Protocol Versions Vulnerability Information

An SSL/TLS version offered by the server is outdated. The deprecated versions contain weak implementations that cannot be considered secure anymore. Make sure that your web server only offers recent and strong protocol versions.

In their latest cheat sheet for Transport Layer Security (TLS), the OWASP guide recommends the following setting:

  • The SSL protocols have a large number of weaknesses, and should not be used in any circumstances.
  • General-purpose web applications should only support TLS 1.2 and TLS 1.3, with all other protocols disabled.

A short history on SSL and TLS

SSL versions 2 and 3

Secure Socket Layer (SSL) was the original protocol used to provide encryption for HTTP traffic in the form of HTTPS. There were two publicly released versions of SSL – versions 2 and 3. Unfortunately, both of these have serious cryptographic weaknesses and should no longer be used.

TLS version 1.0 to 1.3 (SSL version 3.1 to 3.4)

For various reasons, the next version of the protocol (effectively SSL 3.1) was named Transport Layer Security (TLS) version 1.0. Subsequently, TLS versions 1.1, 1.2, and 1.3 have been released.

Terminology

The terms “SSL,” “SSL/TLS,” and “TLS” are frequently used interchangeably, and in many cases, “SSL” is used when referring to the more modern TLS protocol.

How to Disable Deprecated SSL Protocol Versions

To disable the deprecated SSL/TLS protocol versions, please refer to Secure TLS Configuration.

Why are Security Protocols Important?

The reason why you should care about TLS is simple: it protects data in transit from eavesdropping, tampering, or message modification. This means that if a hacker wants to steal information from you, they will have to intercept the traffic between your computer and the website you’re trying to access. They won’t be able to get any of the data on its own because it’s encrypted, but they can try to impersonate the site owner and trick you into giving them sensitive information.

How Does TLS Work?

To protect data in transit, TLS uses asymmetric cryptography. In this scenario, two keys are used; one key is public and the other private. When you send a request to a website, you use the public key to encrypt the connection so that only the intended recipient can decrypt it. If someone else tries to intercept the communication, they’ll see gibberish instead of the original content.

When using HTTPS, the browser first connects with the server over an unencrypted HTTP session.

Prevention Guide for SSL/TLS Vulnerabilities

Prevention Guide

Learn how to detect and prevent different kinds of SSL/TLS vulnerabilities.

Download

FAQs

What is the difference between TLS 1.0 and TLS 1.2?

SSL/TLS provides three different levels of security: SSL 3.0, TLS 1.0, and TLS 1.1. All three provide some level of protection against eavesdroppers, but TLS 1.2 has been designed specifically to address the weaknesses found in older versions.

Why do I need to enable encryption?

If you don’t want anyone to snoop on your communications, you must make sure that all connections to websites are secured. Otherwise, hackers could easily intercept your requests and read your and your client’s personal information. 

Get a quick security audit of your website for free now

We are analyzing https://example.com
Scanning target https://example.com
Scan status: In progress
Scan target: http://example.com/laskdlaksd/12lklkasldkasada.a
Date: 23/09/2022
Crashtest Security Suite will be checking for:
Information disclosure Known vulnerabilities SSL misconfiguration Open ports
Complete your scan request
Please fill in your details receive the
quick security audit by email.
Security specialist is analyzing your scan report.
То verify your identity please provide your phone/mobile:
Thank you.
We have received your request.
As soon as your security audit is ready, we will notify you.