Problem
A vulnerability scan may display that TLS 1.0 and TLS 1.1 are enabled on a given Terraform Enterprise installation fronted by a load balancer, despite the fact that these TLS versions are not supported by Terraform Enterprise.
Cause
This issue is typically due to a load balancer in front of the Terraform Enterprise installation supporting TLS 1.0 and TLS 1.1 connection.
Solutions:
You can explicitly test the connection and specify an unsupported TLS version using curl:
$ curl <TFE_URL> --verbose --tlsv1.0 --tls-max 1.1In order to resolve this issue, the load balancer configuration should be modified to remove support for undesired TLS versions.