CME-403

TLS 1.3 Enforcement

Description

Restricts all TLS connections to a minimum of TLS 1.3, eliminating protocol downgrade attacks and leveraging TLS 1.3's reduced handshake, mandatory forward secrecy, and encrypted extensions.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | TLS downgrade attacks impossible; forward secrecy mandatory

CWE Relationships

Verification

Verify minimum TLS version is 1.3

$ openssl s_client -connect localhost:443 -tls1_2 </dev/null 2>&1 | grep 'handshake failure'
# Expected: handshake failure
Platform: any
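
A scripted form of the check above, as an added example (not part of the original entry): it counts the control as verified only when a TLS 1.2-only handshake is refused with a TLS alert and a TLS 1.3-only handshake completes, so an unreachable server, or a refusal sent as `protocol_version` (the alert RFC 8446 specifies for this case) rather than `handshake failure`, is not misread. The names `probe`, `tls13_enforced` and `check` are illustrative, and certificate validation is switched off because only the protocol version is under test.

```python
import socket
import ssl


def probe(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to `version`; return (outcome, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption: only the negotiated version matters here, so certificate
    # checks are disabled. Do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("connected", tls.version())
    except ssl.SSLError as exc:
        reason = getattr(exc, "reason", None) or ""
        # A TLS alert proves the server answered and refused this version.
        # Anything else (EOF, garbage) is a TLS error, not a refusal.
        return ("alert" if "ALERT" in reason else "tls-error", reason)
    except OSError as exc:
        # Refused, reset or timed-out connection: nothing was verified.
        return ("unreachable", str(exc))


def tls13_enforced(tls12, tls13):
    """True only if TLS 1.2 drew a TLS alert AND TLS 1.3 completed."""
    return tls12[0] == "alert" and tls13 == ("connected", "TLSv1.3")


def check(host="localhost", port=443):
    """Run both probes against the endpoint from the page's command."""
    tls12 = probe(host, port, ssl.TLSVersion.TLSv1_2)
    tls13 = probe(host, port, ssl.TLSVersion.TLSv1_3)
    return tls13_enforced(tls12, tls13), tls12, tls13


if __name__ == "__main__":
    ok, tls12, tls13 = check()
    print("TLS 1.2 probe:", tls12)
    print("TLS 1.3 probe:", tls13)
    print("PASS" if ok else "FAIL")
```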