CCE-92872-1Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2019-05-17 (M)2023-07-04 |
This policy setting determines whether TLS 1.0 protocol is disabled. TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS).
Countermeasure:
Configure this setting to disable TLS 1.0.
Potential Impact:
Disabling TLS 1.0 will block server access from a number of browsers and operating systems.
Fix:
(1) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server!Enabled
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client!Enabled
Parameter:
[disabled/enabled]
Technical Mechanism:
(1) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server!Enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client!Enabled
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.1 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.2 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:54848 |