Skip to content
QS-tls-oldcritical

TLS 1.0 / 1.1

Description

TLS 1.0 and 1.1 are deprecated per RFC 8996.

Quantum Threat

Broken by classical attacks — no quantum computer needed. Replace immediately.

Suppressing False Positives

Add a suppression comment on the flagged line, or the line above it:

// quantumscan-ignore
const algo = "RSA"; // quantumscan-ignore

Or create a .quantumscan-ignore file in your project root to suppress by rule ID or file path:

# Suppress this rule in all files
tls-old

# Suppress this rule only in test files
tls-old:src/**/*.test.ts

# Suppress all rules in legacy files
src/legacy/**

Regulatory & Standards References

NIST FIPS 203

ML-KEM (Kyber) — key encapsulation replacement for RSA/ECDH

NIST FIPS 204

ML-DSA (Dilithium) — signature replacement for ECDSA/RSA-sign

NIST FIPS 205

SLH-DSA (SPHINCS+) — hash-based signature fallback

NSA CNSA 2.0

Mandates ML-KEM-1024 + ML-DSA-87 for US national security systems. New systems: 2030. Legacy: 2033.

DORA Art. 7(2)(c)

EU Digital Operational Resilience Act — ICT risk management must ensure cryptographic agility and algorithm rotation capabilities.

NIS2 Art. 21(2)(h)

EU Network and Information Security Directive — adequacy of encryption and cryptographic standards as a baseline security measure.

Run a full AI-powered scan on your repository

QuantumScan detects this and 100+ other quantum-vulnerable patterns, then generates per-finding migration code diffs.

Scan your repository →