PCI-DSS 4.0 4.2.1.1

Legacy TLS versions prohibited

UnveilScan findings mapped to this control

The scanner emits 3 distinct findings on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).

email.mx_weak_starttls ⏱ 15 min

EMAIL — Mx weak starttls

Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.

operational

Also maps to 1 other control

ANSSI Reco-Messagerie §3.1 — TLS 1.2+ sur SMTP

tls.legacy_protocol ⏱ 30 min

TLS — Legacy protocol

Risk if ignored: TLS 1.0/1.1 enable POODLE / BEAST / sweet32 attacks and fail every modern compliance audit (PCI-DSS 4.0, ANSSI).

security legal

Also maps to 3 other controls

ANSSI Reco-TLS v1.2 §2.1 — TLS 1.2 minimum, TLS 1.3 recommandé
ISO 27001:2022 A.8.24 — Use of cryptography
NIS 2 21.2.d — Cryptography and encryption

tls.legacy_protocol_enabled ⏱ 15 min

TLS — Legacy protocol enabled

Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.

operational

Also maps to 2 other controls

ANSSI Reco-TLS v1.2 §2.1 — Désactiver TLS 1.0 et TLS 1.1
NIS 2 21.2.d — Cryptography and encryption