Back to Linter
Errorsecurity

Outdated SSL/TLS Protocols

TLSv1 and TLSv1.1 are insecure — how to configure modern SSL protocols in Nginx.

What This Rule Checks

This rule checks if your SSL configuration includes outdated protocols like TLSv1 or TLSv1.1.

Why It Matters

TLSv1.0 and TLSv1.1 have known vulnerabilities (BEAST, POODLE). All major browsers have dropped support for these protocols. PCI DSS compliance requires TLSv1.2 minimum.

Bad — Triggers this rule

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Good — Passes this rule

ssl_protocols TLSv1.2 TLSv1.3;

How to Fix

Remove TLSv1 and TLSv1.1 from your `ssl_protocols` directive. In Configen, select the "Modern" or "Intermediate" SSL preset.

Related Rules

security-ssl-missingsecurity-headers-missing

Check your config now

Paste your nginx.conf and get instant feedback on 20+ rules.

Open Linter →