FEATURE REQUEST - Option to disable TLS 1.0/1.1 while in FIPS mode

While FIPS still supports older versions of TLS encryption (1.0 and 1.1) for compatibility with some private sectors, it is not recommended to use them.

Our company's IT and many other IT industries are strictly enforcing the disabling of TLS 1.0/1.1.

Please add the feature to disable the outdated and vulnerable TLS versions manually while in FIPS mode.


TLS 1.0 and TLS 1.1 are more secure than their SSL predecessors but are still vulnerable to exploits (e.g., BEAST and Klima attacks). While the use of TLS 1.0/1.1 is not recommended, support for these versions may be necessary to enable interaction with the private sector. Government-only applications are generally accessed by devices that support modern web browsers and therefore do not need to support TLS 1.0/1.1. The decision to support TLS 1.0/1.1 must be technically evaluated on a case-by-case basis.

TLS 1.2 and TLS 1.3 are more secure protocols which include several cryptographic enhancements aimed to mitigate threats that have been discovered over time. TLS 1.2/1.3 protocols are recommended for GSA implementations.