An SSL/TLS version offered by the server is outdated. The deprecated versions contain weak implementations that cannot be considered secure anymore. Make sure that your web server offers only recent and strong protocol versions.

Table of contents
  1. Deprecated SSL Protocol Versions Security Assessment
  2. Deprecated SSL Protocol Versions Vulnerability Information
  3. A short history on SSL and TLS
  4. How to Disable Deprecated SSL Protocol Versions

Deprecated SSL Protocol Versions Security Assessment

Security Assessment Disable deprecated SSL Protocol Versions

CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Deprecated SSL Protocol Versions Vulnerability Information

An SSL/TLS version offered by the server is outdated. The deprecated versions contain weak implementations that cannot be considered secure anymore. Make sure that your web server only offers recent and strong protocol versions.

In their latest cheat sheet for Transport Layer Security (TLS), the OWASP guide recommends the following setting:

  • The SSL protocols have a large number of weaknesses, and should not be used in any circumstances.
  • General-purpose web applications should only support TLS 1.2 and TLS 1.3, with all other protocols disabled.

A short history on SSL and TLS

SSL version 2 and 3

Secure Socket Layer (SSL) was the original protocol used to provide encryption for HTTP traffic in the form of HTTPS. There were two publicly released versions of SSL – versions 2 and 3. Unfortunately, both of these have serious cryptographic weaknesses and should no longer be used.

TLS version 1.0 to 1.3 (SSL version 3.1 to 3.4)

For various reasons, the next version of the protocol (effectively SSL 3.1) was named Transport Layer Security (TLS) version 1.0. Subsequently, TLS versions 1.1, 1.2, and 1.3 have been released.

Terminology

The terms “SSL,” “SSL/TLS,” and “TLS” are frequently used interchangeably, and in many cases, “SSL” is used when referring to the more modern TLS protocol.

How to Disable Deprecated SSL Protocol Versions

To disable the deprecated SSL/TLS protocol versions, please refer to Secure TLS Configuration.

See if Your Web App or API Has Security Vulnerabilities

SCAN FOR FREE NOW