Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-8198

TLS Version 1.0 and 1.1 Protocol Detection

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • False
    • None
    • False

      Description:

      The remote service accepts connections encrypted using TLS 1.0 and TLS 1.1.

      TLS 1.0 and 1.1 lack support for current and recommended cipher suites and have a number of cryptographic design flaws.

       

      As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

      PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

       

      Solution:

      Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0 and 1.1.

       

      See also:
      https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
       
      Output:
      TLSv1 is enabled and the server supports at least one cipher.
      To see debug logs, please visit individual host

      Port Hosts
      443 / tcp / www stage.quay.io

       

      Reference Information:

      CWE:  327

              bcaton@redhat.com Brandon Caton
              rh-ee-trgreene Trevon Greene
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: