Question - how to fix Docker TLS 1.0 and 1.1 vulnerability

Hi,

We found out during a vulnerability scan that the apache2 used by eramba has “all” TLS enabled. I tried to fix the vulnerability by defining the parameter to contain only 1.2 and 1.3 and now the interface is not working.

Is there anyone that knows how this can be fixed?

Hello,
you mean this configuration?

Which vulnerability are we discussing here exactly? - I'm not sure what we can affect by changing this, so I don't feel comfortable modifying it for everyone just like that.

Martin

TLS 1.1 and below (and all SSL) are considered insecure/broken protocols to the extent you might as well not bother encrypting your data in transit. If I’m not mistaken, IE8 will be the main browser you break by removing them, but I also suspect you don’t support it anyway.

Any vulnerability scanner running on this infrastructure will flag this as a high/critical issue.

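As an added example (not part of any post in this thread and not eramba's own code), the Python check below resolves an Apache `SSLProtocol` line to the set of protocols it leaves enabled, so a change like the one described in the question can be confirmed before the container is reloaded. The function names, the expansion of `all`, and the handling of tokens without a `+`/`-` prefix are assumptions modelled on mod_ssl's directive syntax; confirm them against the httpd version in your image.

```python
"""Resolve an Apache mod_ssl SSLProtocol directive to its effective protocol set."""

# Assumption: what "all" expands to; the real set depends on the httpd/OpenSSL build.
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # SSL and TLS 1.1 and below, as named in the thread
_CANON = {p.lower(): p for p in ALL}


def effective_protocols(directive):
    """Return (enabled_set, warnings) for one 'SSLProtocol ...' line."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive")
    enabled, warnings = set(), []
    for tok in tokens[1:]:
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[1:] if action else tok
        if name.lower() == "all":
            chosen = set(ALL)
        elif name.lower() in _CANON:
            chosen = {_CANON[name.lower()]}
        else:
            raise ValueError(f"unknown protocol {name!r}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            # Assumption (modelled on mod_ssl): a bare token replaces
            # everything set earlier on the same line.
            if enabled:
                warnings.append(f"{name} overrides protocols set earlier on the line")
            enabled = chosen
    return enabled, warnings


def audit(directive):
    """Return the sorted legacy protocols a directive still leaves enabled."""
    enabled, _ = effective_protocols(directive)
    return sorted(enabled & LEGACY)


if __name__ == "__main__":
    # Constructed sample lines, not taken from the eramba image.
    for line in ("SSLProtocol all -SSLv3",
                 "SSLProtocol -all +TLSv1.2 +TLSv1.3",
                 "SSLProtocol TLSv1.2 TLSv1.3"):
        enabled, warns = effective_protocols(line)
        print(f"{line!r}: enabled={sorted(enabled)} legacy={audit(line)} {warns}")
```

An empty result from `audit` means the line leaves none of the flagged versions enabled; after reloading, verify the running listener with your scanner as well, since a later `SSLProtocol` in a virtual host can override the global one.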