{
  "id": "S014",
  "name": "Enforce TLS 1.2 or 1.3 only",
  "category": "security",
  "description": "S014 - Ensure only TLS 1.2 or TLS 1.3 protocols are used. Detects usage of insecure TLS/SSL versions (SSL v2/v3, TLS 1.0, TLS 1.1) in HTTPS server configurations, client requests, and framework settings.",
  "severity": "error",
  "enabled": true,
  "semantic": {
    "enabled": true,
    "priority": "high",
    "fallback": "heuristic"
  },
  "patterns": {
    "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
    "exclude": [
      "**/*.test.js",
      "**/*.test.ts",
      "**/*.spec.js",
      "**/*.spec.ts",
      "**/node_modules/**",
      "**/dist/**",
      "**/build/**"
    ]
  },
  "analysis": {
    "approach": "symbol-based-primary",
    "fallback": "regex-based",
    "depth": 1,
    "timeout": 4000
  },
  "validation": {
    "insecureVersions": [
      "SSLv2",
      "SSLv3",
      "TLSv1",
      "TLSv1.0",
      "TLSv1_method",
      "TLSv1.1",
      "TLSv1_1_method"
    ],
    "secureVersions": [
      "TLSv1.2",
      "TLSv1_2_method",
      "TLSv1.3",
      "TLSv1_3_method"
    ],
    "configKeys": [
      "minVersion",
      "maxVersion",
      "secureProtocol",
      "secureOptions",
      "protocol"
    ],
    "frameworks": ["express", "nextjs", "nuxtjs", "nestjs", "fastify", "koa"]
  }
}