The TLS Version 1.0 Protocol Detection Vulnerability when detected with a vulnerability scanner will report it as a CVSS 6.5 (v3).
CVSS is a scoring system for vulnerability systems, its an industry standard scoring system to mark findings against a specific number ranging from 0 to 10. They are shown as:
Transport Layer Security (TLS) versions 1.0 and 1.1 were superseded by TLSv1.2 in 2008, which has now itself been superseded by TLSv1.3. It is therefore timely to further deprecate these old versions. The expectation is that TLSv1.2 will continue to be used for many years alongside TLSv1.3.
TLSv1.1 and TLSv1.0 are also actively being deprecated in accordance with guidance from government agencies and industry consortia such as the Payment Card Industry Association (PCI).
To help protect against this vulnerability, you need to disable some older protocols by making changes in the SSL configuration file. The location of this file depends on what kind of service you are running for example Apache, Nginx etc.
The SSL configuration section or the file should have the SSL Protocol section that should look similar to below:
SSLProtocol -all -TLSv1 -TLSv1.1 -SSLv3 -SSLv2 +TLSv1.2
Note: A restart of the service and/or the server will be required after making these changes.