Weak TLS Protocols Enabled (TLS 1.0 / 1.1)

The server still negotiates TLS 1.0 or TLS 1.1, both of which were formally deprecated by RFC 8996 in 2021 and are prohibited for PCI-DSS 4.0, FedRAMP, and most internal security baselines.

Business risk

TLS 1.0 is vulnerable to BEAST and partially to POODLE. TLS 1.1 inherits the same block-cipher weaknesses and neither protocol supports modern authenticated-encryption ciphers (AEAD) or guaranteed forward secrecy. Browsers blocked these versions in 2020 but the handshake still completes for scanners, legacy API clients, curl/wget defaults, and bots. One accepting endpoint is all an attacker needs to downgrade a connection and run a cipher-level attack against session data.

Technical details

The fix is one config line, but the scope is the hard part. Audit every endpoint: the main site, admin subdomains, API gateways, SMTP submission (port 587), IMAP/POP (143/993/995), and any internal load balancer. A single legacy service accepting TLS 1.0 invalidates the compliance posture for the whole domain. Use `nmap --script ssl-enum-ciphers -p 443 yourdomain.com` to enumerate.

How to detect it

Enumerate which TLS versions the server still accepts. `nmap --script ssl-enum-ciphers` gives the full matrix. `openssl s_client -tls1` and `-tls1_1` should fail; `-tls1_2` and `-tls1_3` should succeed. Run the same checks against every endpoint you publish (web, API, mail, internal).

nmap --script ssl-enum-ciphers -p 443 yourdomain.com

openssl s_client -connect yourdomain.com:443 -tls1 </dev/null  # must fail

openssl s_client -connect yourdomain.com:443 -tls1_1 </dev/null  # must fail

https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com

Common pitfalls

• !Auditing port 443 only. SMTP submission (587), IMAP (993), POP (995), and internal load balancers often still accept TLS 1.0. One legacy endpoint sinks the compliance score for the whole domain.
• !Changing protocols but not the cipher list. TLS 1.2 with RC4 or 3DES is still weak. Pair the protocol pin with a modern AEAD-only cipher list from the Mozilla SSL Config Generator.
• !Setting `ssl_prefer_server_ciphers on` by reflex. Modern guidance is off - clients pick well and enabling it makes ChaCha20 fallback harder on mobile devices.
• !Forgetting that some CDNs have a separate "minimum TLS" toggle in the dashboard that overrides origin-side config. On Cloudflare, this is `SSL/TLS → Edge Certificates → Minimum TLS Version`.
• !Ignoring legacy client breakage. Very old Android (<4.4), Windows XP, and certain IoT devices only support TLS 1.0/1.1. If those clients matter, quantify them from analytics before flipping the switch.

Remediation guide

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

External references

• RFC 8996: Deprecating TLS 1.0 and 1.1
• Mozilla SSL Config Generator
• SSL Labs Server Test

Frequently asked questions

Keep going

Verify your fix

Applied the configuration change? Run a live scan to confirm the vulnerability is patched.