To Reproduce Steps to reproduce the behavior:

The customer carried out a scan on the EDPM compute node, RHEL V 9.4, using tenable tool and found the following security issue:

Plugin: 104743

Plugin name: TLS Version 1.0 Protocol Detection

Family: Service detection

Severity: Medium

Protocol: TCP

Port: 9105

Plugin Output: TLSv1 is enabled and the server supports at least one cipher.

Synopsis: The remote service encrypts traffic using an older version of TLS.

Description: 

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Steps to remediate: 

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

CVSS V3 Base Score: 6,5