SSL/TLS Server Accepts TLSv1 Connections
Description
Detects whether a web server accepts TLS 1.0 connections. TLS 1.0 is a legacy protocol version with known security vulnerabilities. It has been deprecated because it is susceptible to attacks such as BEAST and POODLE, which makes it unsuitable for securing modern web applications.
Detection Strategy
• A vulnerability is reported when the server successfully establishes a TLS 1.0 connection
• The detector attempts to connect using TLS 1.0 with any supported cipher suite
• If the server completes the TLS handshake using version 1.0, it indicates the server accepts this insecure protocol version
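The check above can be sketched at the wire level. This is an added example, not Fluid Attacks' detector: it treats a ServerHello at version 0x0301 as acceptance (a simplification of completing the full handshake), and the cipher suite list, function names and result labels are assumptions.

```python
import os
import socket
import struct

TLS10 = b"\x03\x01"  # protocol version 3.1 on the wire
# Assumed offer: CBC/SHA-1 suites usable with TLS 1.0 (IANA code points),
# ECDHE_RSA, ECDHE_ECDSA and RSA key exchange with AES-256, AES-128, 3DES.
SUITES = (0xC014, 0xC013, 0xC00A, 0xC009, 0x0035, 0x002F, 0x000A)

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_client_hello(hostname):
    """Return one TLS record holding a ClientHello that offers only TLS 1.0."""
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = (_ext(0, sni)                                  # server_name
            + _ext(10, struct.pack("!HHH", 4, 23, 24))    # secp256r1, secp384r1
            + _ext(11, b"\x01\x00"))                      # uncompressed points
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (TLS10 + os.urandom(32) + b"\x00"              # version, random, no session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                 # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + TLS10 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Map the server's first record to 'accepted', 'rejected' or 'inconclusive'."""
    if len(data) < 5:
        return "inconclusive"          # connection closed or short read
    fragment = data[5:5 + int.from_bytes(data[3:5], "big")]
    if data[0] == 0x15:                # alert, e.g. protocol_version (70)
        return "rejected"
    if data[0] == 0x16 and len(fragment) >= 6 and fragment[0] == 0x02:
        # ServerHello: bytes 4-5 of the handshake message are server_version
        return "accepted" if fragment[4:6] == TLS10 else "rejected"
    return "inconclusive"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you operate and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        return classify_reply(sock.recv(4096))
```

A "rejected" result caused by a handshake_failure alert can also mean the server shares none of the offered suites, so widen `SUITES` before concluding that TLS 1.0 is disabled.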