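# TLS-002: Deprecated TLS Protocol Version
#
# Node.js server configured to accept TLS 1.0, which has known vulnerabilities
# and is deprecated by RFC 8996.
#
# The finding is the protocol floor, not the ceiling: minVersion sets the
# oldest protocol the server will still negotiate, so maxVersion = 'TLSv1.3'
# does not offset it.
# Remediation for code shaped like this fixture: raise minVersion to
# 'TLSv1.2' (the default Node.js documents for this option) or 'TLSv1.3'.

[metadata]
id = "tls-002"
name = "Deprecated TLS 1.0 protocol accepted"
category = "tls"
language = "javascript"
difficulty = "medium"
source = "hand-curated"
created = "2025-02-05"
# RFC 8996 deprecates TLS 1.1 as well, but this case only exercises 'TLSv1'.
# NOTE(review): a 'TLSv1.1' floor is not covered here; confirm a sibling case
# exists for it.
notes = "TLS 1.0/1.1 deprecated per RFC 8996"

[input]
filename = "server.js"
# Fixture under analysis. The string is the analyzer's input, so it carries no
# annotations beyond the author's own inline comment on the minVersion line.
content = """
const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt'),
  minVersion: 'TLSv1', // Allow legacy clients
  maxVersion: 'TLSv1.3'
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('hello world');
}).listen(443);
"""

[expected]
# Two facts are expected: the literal configured floor, and the deprecation
# verdict drawn from it. `value` is a string in the first and a boolean in the
# second.
# NOTE(review): presumably every entry must appear in the analyzer output for
# the case to pass; confirm against the harness.
# Each inline table stays on one line so the file parses under TOML 1.0.
must_contain = [
    { subject = "tls/min_version", predicate = "value", value = "TLSv1", rationale = "minVersion explicitly set to TLSv1" },
    { subject = "tls/protocol", predicate = "deprecated", value = true, rationale = "TLS 1.0 is deprecated and should not be allowed" },
]

[scoring]
# NOTE(review): the meaning of both keys is defined by the harness and is not
# visible in this file; min_confidence is presumably the lowest analyzer
# confidence that still counts as a match. Confirm.
weight = 1.0
min_confidence = 0.7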