Weak TLS Version

The server negotiated a deprecated TLS version.

Severity: Warning

What is TLS?

TLS (Transport Layer Security) is the protocol that encrypts HTTPS connections. It has gone through several versions: TLS 1.0 (1999), TLS 1.1 (2006), TLS 1.2 (2008), and TLS 1.3 (2018). Each version improved security and performance over the previous one.

What does this mean?

The server negotiated a connection using TLS 1.0 or TLS 1.1, both of which are deprecated. These older versions have known vulnerabilities (like BEAST and POODLE) that can allow attackers to decrypt traffic under certain conditions.

Why this is a problem

  • TLS 1.0 and 1.1 are officially deprecated by RFC 8996 (2021)
  • Major browsers have dropped support for these versions
  • PCI DSS compliance requires TLS 1.2 or higher
  • Known vulnerabilities in older TLS versions can be exploited to intercept encrypted traffic

What you should do

  • Configure the server to support only TLS 1.2 and TLS 1.3
  • Disable TLS 1.0 and TLS 1.1 in the web server configuration (Apache, Nginx, IIS, etc.)
  • Test the change to ensure no critical clients are broken (very old browsers or systems may only support TLS 1.0)
  • Use a tool like SSL Labs to verify the server's TLS configuration after making changes
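
The following is an added example, not part of the original page or the dnswatchdog.io tooling: a small offline check that reads nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports any line that still enables TLS 1.0 or TLS 1.1. The sample configurations are constructed, and the handling of Apache's `all` shortcut and of bare protocol names is a simplifying assumption of this sketch.

```python
import re

ALL_TLS = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
DEPRECATED = {"TLSv1", "TLSv1.1"}          # TLS 1.0 and TLS 1.1
# Matches nginx "ssl_protocols ...;" and Apache "SSLProtocol ..." lines.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def enabled_versions(directive, tokens):
    """Resolve one directive's arguments to the set of TLS versions it enables."""
    if directive.lower() == "ssl_protocols":      # nginx: a plain list of names
        return {t for t in tokens if t in ALL_TLS}
    enabled = set()                               # Apache: all, +name, -name
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-")
        # Assumption of this sketch: "all" means every TLS version listed above.
        names = set(ALL_TLS) if name.lower() == "all" else {name} & set(ALL_TLS)
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:                                     # bare name: treated as a reset
            enabled = set(names)
    return enabled

def audit(config_text):
    """Return (line_no, directive, deprecated versions still enabled) findings."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        weak = enabled_versions(m.group(1), m.group(2).split()) & DEPRECATED
        if weak:
            findings.append((no, m.group(1), sorted(weak)))
    return findings

# Constructed sample configs, not taken from any real server.
NGINX_WEAK = "server {\n  listen 443 ssl;\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}"
NGINX_FIXED = "server {\n  listen 443 ssl;\n  ssl_protocols TLSv1.2 TLSv1.3;\n}"
APACHE_WEAK = "SSLEngine on\nSSLProtocol all -SSLv3"
APACHE_FIXED = "SSLEngine on\nSSLProtocol -all +TLSv1.2 +TLSv1.3"

if __name__ == "__main__":
    for label, text in [("nginx weak", NGINX_WEAK), ("nginx fixed", NGINX_FIXED),
                        ("apache weak", APACHE_WEAK), ("apache fixed", APACHE_FIXED)]:
        print(label, audit(text) or "ok")
```

A configuration with no such directive falls back to the server's built-in default, which this check does not assess, so confirm the negotiated version against the live server as well.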
