This option specifies the SSL or TLS version that will be used by the ACS for HTTPS connections.
The most compatible version is
tls, which will negotiate down from TLS 1.3
(most secure) to TLS 1.2 to TLS 1.1 and finally to TLS 1.0 (least secure). All
the other versions are strict and require specific support. For example, if the
ACS is configured to use
tlsv1_2, the CPE’s CWMP client MUST support TLS 1.2
or the connection will fail - the ACS will not negotiate down to a lesser
Section 3.3 of TR-069 Amendment 6 states that SSL 3.0 and TLS 1.0 SHOULD NOT be used. Likewise, this section also states that the CPE should use TLS 1.2.