SSL policies should enforce secure versions of TLS
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | compute |
| Provider | |
| Vulnerability Type | omission |
Description#
The SSL policy allows TLS versions earlier than 1.2, which are outdated and contain known security vulnerabilities. This configuration exposes data in transit to interception and compromise due to weak encryption protocols.
Impact#
Attackers could exploit outdated TLS versions to decrypt, intercept, or manipulate sensitive data transmitted between clients and servers, leading to data breaches, session hijacking, or loss of data integrity. This undermines compliance and exposes the organization to significant security risks.
Resolution#
Enforce a minimum TLS version of 1.2