Transport Layer Security (TLS) is a cryptographic protocol designed to provide confidentiality, integrity, and authentication for network communications. Older versions of TLS, including TLS 1.2, are susceptible to downgrade attacks when not properly configured. In a downgrade attack, an attacker forces communicating parties to fall back to a weaker or less secure protocol version, enabling man-in-the-middle exploitation.
TLS 1.3 was specifically designed to mitigate these risks by removing insecure cryptographic algorithms, eliminating legacy handshake mechanisms, and enforcing stronger cipher suites. It also reduces the attack surface by simplifying the handshake process and providing built-in protections against downgrade attacks.
Option B is insufficient because monitoring alone does not prevent cryptographic weaknesses. Option C may improve general security posture but does not directly address protocol-level downgrade vulnerabilities. Option D significantly weakens security and would increase exposure.
Cybersecurity best practices and operations documentation strongly recommend disabling outdated TLS versions and enforcing TLS 1.3 wherever possible to ensure robust protection against MITM and downgrade attacks.
Therefore, upgrading to TLS 1.3 or higher is the correct preventive action.
