Vulnerabilities
Outdated TLS 1.0 accepted
mediumopenDescription
The reverse proxy still negotiates TLS 1.0/1.1. Restrict to TLS 1.2+ to meet modern compliance baselines.
Affected code
nginx.confssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Details
- Severity
- medium
- CVSS
- 5.3
- CVE
- —
- CWE
- CWE-326
- File
- nginx.conf
- Status
- open
Remediation
No remediation generated yet. The engineer agent proposes a patch when this finding is triaged.