Severity: Best Practice
Netsparker detected that a deprecated, insecure transport security protocol (TLS 1.1) is supported by your web server.
TLS 1.1 will be considered deprecated by major web browsers (i.e. Chrome, Firefox, Safari, Edge, Internet Explorer) starting in 2020.
Your website will be inaccessible due to web browser deprecation.
We recommend disabling TLS 1.1 and replacing it with TLS 1.2 or higher. See the Remedy section for more details.
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
SSLProtocol +TLSv1.2
nginx.conf file and remove TLSv1.1.
ssl_protocols TLSv1.2;
regedt32 or regedit, and then click OK.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\
Server or create if it doesn't exist.
Server key, locate a DWORD value named Enabled or create if it doesn't exist and set its value to "0".
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-TLSv1.1, -TLSv1, -SSLv3") # v1.4.48 or up
ssl.ec-curve = "secp384r1"
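To confirm the Apache and nginx changes above before restarting, the following added example (not part of the original advisory or of Netsparker) scans configuration text for SSLProtocol and ssl_protocols directives and reports any that still leave TLS 1.1 or older enabled. The function names, the expansion of "all", the additive treatment of bare protocol names and the sample configurations are assumptions made for illustration.

```python
import re

# Protocol versions treated as legacy; this page's subject is TLSv1.1.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: what "all" expands to. Real builds vary with the linked TLS library.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {name.lower(): name for name in ALL | LEGACY}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^;#]+)", re.I)


def enabled_protocols(tokens):
    """Resolve a protocol list left to right: '-X' removes X, '+X' or a bare
    X adds it (assumed additive, so the audit errs toward flagging)."""
    enabled = set()
    for tok in tokens:
        remove = tok.startswith("-")
        name = tok.lstrip("+-").lower()
        names = ALL if name == "all" else {CANON.get(name, tok)}
        enabled = enabled - names if remove else enabled | names
    return enabled


def audit(config_text):
    """Return (line number, directive, legacy protocols left enabled) per hit."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            legacy = enabled_protocols(match.group(2).split()) & LEGACY
            if legacy:
                findings.append((number, match.group(1), sorted(legacy)))
    return findings


# Constructed sample configurations, not taken from a real server.
APACHE_BEFORE = "SSLEngine on\nSSLProtocol all -SSLv3 -TLSv1\n"
APACHE_AFTER = "SSLEngine on\nSSLProtocol +TLSv1.2\n"
NGINX_BEFORE = "server {\n    ssl_protocols TLSv1.1 TLSv1.2;\n}\n"
NGINX_AFTER = "server {\n    ssl_protocols TLSv1.2;\n}\n"

if __name__ == "__main__":
    for label, text in [("apache before", APACHE_BEFORE), ("apache after", APACHE_AFTER),
                        ("nginx before", NGINX_BEFORE), ("nginx after", NGINX_AFTER)]:
        print(label, audit(text) or "no legacy protocol enabled")
```

An empty result covers only the directives in the text scanned; included files and server defaults are not evaluated.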