I recently disabled old ssl 2.0, 3.0 and tls 1.0 and 1.1 protocols on my Windows 2016 server. I am not unable to pull any vulnerability information from the server when I scan it. Yesterday it had 311 vulnerabilities, after the change it has zero. I know this is not possible, because
- It’s a Windows server
- There should still be vulnerabilities remaining unrelated to ssl/tls (i.e. Hyper-v, IKE, ADDS, RDP, etc).