Proposal to Deprecate TLS v1.2 within OWASP ASVS

Christian Heinrich christian.heinrich at
Sat May 1 07:04:28 UTC 2021

I have put forth a Pull Request for OWASP Application Security
Verification Standard (ASVS) to deprecate TLS v1.2 and require TLS
v1.3 only.

This is part of a much larger piece of work to align with PCI-DSS
v3.2.1 at

It is also subject to change due to the dependency on what is in the
next major release of PCI-DSS v4.0 of which the latest news is
available at

Please note the Pull Request (PR) is at an early stage so it might not
be merged in the next minor release of OWASP ASVS if adoption of TLS
v1.3 is too low at this point in time, etc.

I'd appreciate any further feedback from OpenSSL at please?

Christian Heinrich

More information about the openssl-users mailing list