TLS 1.0 & 1.1 Vulnerability Not Detected by OpenVAS

Hi,

We have scanned one of our hosts using the latest OpenVAS, but it has not detected the TLS 1.0 & TLS 1.1 vulnerability. Can you please let us know why this is not detected?

Thanks & Regards
Dileep. O

If the use of TLS 1.0 and/or 1.1 doesn’t comply with your requirements you can configure the following VT accordingly:

Name: SSL/TLS: Policy Check
Family: Policy
OID: 1.3.6.1.4.1.25623.1.0.105778

Once both protocols are “officially” deprecated:

https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/

there will be a new VT reporting both as deprecated and with a severity by default (without the requirement to use the previously mentioned VT).

5 Likes

For the record:

TLSv1.0 and TLSv1.1 have now been “officially” deprecated by the IETF for a few days:

https://datatracker.ietf.org/doc/rfc8996/

A new VT reporting them as such (with a related severity) will arrive in the Feeds (GCF and GSF) in the next few days.

3 Likes
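
To cross-check a scan result like the one in this thread, the following added example (not part of the thread and not Greenbone/OpenVAS code) sends a hand-built ClientHello capped at TLS 1.0 or 1.1 and reads the version in the ServerHello, so the outcome does not depend on what the local OpenSSL build still allows. The function names and the cipher-suite selection are assumptions made for this sketch.

```python
import os
import socket
import struct

VERSIONS = {"TLSv1.0": 0x0301, "TLSv1.1": 0x0302}
# Suites usable with TLS 1.0/1.1 (ECDHE and RSA key exchange, CBC ciphers).
SUITES = (0xC014, 0xC013, 0xC00A, 0xC009, 0x0035, 0x002F, 0x000A)

def _ext(ext_type: int, data: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(version: int, server_name: str) -> bytes:
    """One TLS record with a ClientHello whose highest offered version is `version`."""
    name = server_name.encode("ascii")
    exts = _ext(0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)  # SNI
    exts += _ext(10, struct.pack("!HHHH", 6, 0x001D, 0x0017, 0x0018))  # supported_groups
    exts += _ext(11, b"\x01\x00")                    # ec_point_formats: uncompressed
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"  # empty session id
    body += struct.pack("!H", 2 * len(SUITES)) + struct.pack(f"!{len(SUITES)}H", *SUITES)
    body += b"\x01\x00"                              # null compression only
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake

def parse_reply(data: bytes) -> str:
    """Classify the first record of the server's answer."""
    if len(data) < 7:
        return "no TLS reply"
    if data[0] == 21:                                # alert: level, description
        return f"rejected (alert {data[6]})"         # 70 = protocol_version
    if data[0] == 22 and data[5] == 2 and len(data) >= 11:  # ServerHello
        return f"accepted 0x{struct.unpack('!H', data[9:11])[0]:04x}"
    return "unexpected reply"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Offer each legacy version to host:port and report the server's answer."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                sock.sendall(build_client_hello(version, host))
                results[label] = parse_reply(sock.recv(4096))
        except OSError as exc:                       # reset or timeout
            results[label] = f"connection error ({exc})"
    return results

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A version counts as enabled only when the reply is `accepted` with that exact value: a server limited to TLS 1.0 answers a TLS 1.1 offer with `accepted 0x0301`.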