TLS Version Analyzer

Configuration Name: TLSVersion

Description

The TLSVersion analyzer detects presence of TLS/SSL encryption on a connection and the version of TLS being used. A finding is reported when

  • API endpoint uses HTTP instead of HTTPS; or
  • API endpoint uses a version of TLS older than TLS 1.2 (such as SSL, TLS 1.0, TLS 1.1).

Faults Reported

Fault Identifier: CWE-757
Title: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Summary: Application either does not use encryption or allows the client to select a TLS version that is not considered the recommended best practice.
Solution: Configure the application to accept only TLS 1.2 or TLS 1.3.
Severity: high
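
The two reporting rules and the recommended fix, sketched with Python's standard `ssl` module. This is an added example, not the analyzer's own code; the function names, the `api.example.test` URLs and the choice of a Python server are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Strings returned by ssl.SSLSocket.version() that pass the rule above.
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def finding_for(url, negotiated_version=None):
    """Apply the two reporting rules to one observed connection.

    negotiated_version is the value of ssl.SSLSocket.version() for that
    connection (None when there is no TLS session). Returns a finding
    string, or None when the connection passes.
    """
    if urlsplit(url).scheme.lower() != "https":
        return "CWE-757: endpoint uses HTTP instead of HTTPS"
    if negotiated_version not in ACCEPTED_VERSIONS:
        return f"CWE-757: endpoint negotiated {negotiated_version}, older than TLS 1.2"
    return None


def weak_server_context():
    """Server context whose version floor is left open (the faulty setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_server_context():
    """Server context that accepts only TLS 1.2 and TLS 1.3 (the Solution)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permits_legacy(ctx):
    """True when the context's version floor is below TLS 1.2."""
    # TLSVersion is an IntEnum; MINIMUM_SUPPORTED sorts below every real version.
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    # Constructed observations: (URL, negotiated version string).
    for url, ver in [("http://api.example.test/v1", None),
                     ("https://api.example.test/v1", "TLSv1.1"),
                     ("https://api.example.test/v1", "TLSv1.3")]:
        print(url, ver, "->", finding_for(url, ver))
    print("weak permits legacy:", permits_legacy(weak_server_context()))
    print("hardened permits legacy:", permits_legacy(hardened_server_context()))
```

A real server would also load its certificate and key into the hardened context with `load_cert_chain` before wrapping sockets.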