Using outdated TLS policies can allow an attacker to decrypt traffic or impersonate a server

Severity	Exploitability	Providers	Categories
HIGH	HIGH	AWS	NETWORK

Description

Outdated TLS policies (version 1.0 and 1.1) rely on insecure cipher suites (SHA-1 and MD5), and are subject to a range of well known attack. Note that TLS 1.0 and 1.1 have been deprecated on March 25, 2021.

Allowing such policies can allow attacker to break the encryption, decrypt the traffic, and perform man-in-the-middle attacks.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	True	False

Data or credential leakage.
Man-in-the-middle attacks.

Remediation guidelines

Choose TLS 1.2 as the security policy for the API Gateway domain name configuration.

References

Choosing a minimum TLS version for a custom domain in API Gateway
AWS API Gateway terraform configuration
Deprecating TLS 1.0 and TLS 1.1 (IETF RFC 8996)
Why It’s Dangerous to Use Outdated TLS Security Protocols (blog post)

Using outdated TLS policies can allow an attacker to decrypt traffic or impersonate a server

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Using outdated TLS policies can allow an attacker to decrypt traffic or impersonate a server

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References