I have put forth a Pull Request for OWASP Application Security Verification Standard (ASVS) to deprecate TLS v1.2 and require TLS v1.3 only. This is part of a much larger piece of work to align with PCI-DSS v3.2.1 at https://github.com/OWASP/ASVS/issues/317#issuecomment-829077114 It is also subject to change due to the dependency on what is in the next major release of PCI-DSS v4.0 of which the latest news is available at https://blog.pcisecuritystandards.org/pci-dss-v4.0-timeline-updated-to-support-an-additional-rfc Please note the Pull Request (PR) is at an early stage so it might not be merged in the next minor release of OWASP ASVS if adoption of TLS v1.3 is too low at this point in time, etc. I'd appreciate any further feedback from OpenSSL at https://github.com/OWASP/ASVS/issues/979 please? -- Regards, Christian Heinrich http://cmlh.id.au/contact
