A vulnerability scan may display that TLS 1.0 and TLS 1.1 are enabled on a given Terraform Enterprise installation fronted by a load balancer, despite the fact that these TLS versions are not supported by Terraform Enterprise.
- This issue is typically due to a load balancer in front of the Terraform Enterprise installation supporting TLS 1.0 and TLS 1.1 connection.
You can explicitly test the connection and specify the unsupported TLS versions using curl:
$ curl <TFE_URL> --verbose --tlsv1.0 --tls-max 1.1
In order to sort this, the load balancer configuration should be modified to remove support for undesired TLS versions.
If you continue to experience issues, please reach out to Hashicorp Support