Beta App Review – TLS 1.0/1.1 Rejection Despite Supporting Only TLS 1.2+
Hi Zoom Developer Community,
I’m currently in the process of submitting my app for Beta Testing on the Zoom Marketplace.
After completing all mandatory requirements and switching the environment to Production, my app failed the Security and Privacy Compliance Review with the following message:
“We noticed your app supports TLS 1.0 & TLS 1.1, which are considered insecure. Please consider ceasing/upgrading these versions.”
However, I’ve verified multiple times that:
- TLS 1.0 and 1.1 are completely disabled on our servers.
- Only TLS 1.2 and 1.3 are enabled for all inbound and outbound HTTPS traffic.
- The backend (Node.js / NestJS) runs behind a reverse proxy with strict SSL configuration.
We’ve attached full configuration and connection test screenshots in our reply to the Marketplace team as proof, but the review still failed.
I’d really appreciate it if anyone from the Zoom team or community could help clarify:
- How does Zoom test or verify TLS protocol versions during app security review?
- Could there be any specific endpoint or redirect Zoom checks that might cause this false flag?
- Has anyone else encountered this issue during Beta or Production app review, and how did you resolve it?
We’ve been waiting quite a while for this process, so any insight or escalation would mean a lot.
Thanks in advance for your support and time!
Best,
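
An added example, not part of the original post and not Zoom's review tooling: a Node.js probe that attempts one handshake per TLS version against each hostname you give it, so every hostname an app exposes can be checked rather than only the main API origin. The function names and the `TLS_AUDIT_HOSTS` environment variable are assumptions made for this sketch.

```javascript
// Added example (not from the original post): which TLS versions does a host accept?
const VERSIONS = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];
const LEGACY = new Set(['TLSv1', 'TLSv1.1']);
const UNREACHABLE = new Set(['timeout', 'ENOTFOUND', 'EAI_AGAIN', 'ECONNREFUSED']);

// Attempt one handshake pinned to exactly one protocol version.
async function probe(host, version, port = 443, timeoutMs = 5000) {
  const tls = await import('node:tls');
  return new Promise((resolve) => {
    const socket = tls.connect({
      host, port, servername: host,
      minVersion: version, maxVersion: version,
      // Node built on OpenSSL 3 will not offer TLS 1.0/1.1 at the default
      // security level, so without this the client fails locally and the
      // server looks clean even when it is not.
      ...(LEGACY.has(version) ? { ciphers: 'DEFAULT@SECLEVEL=0' } : {}),
      rejectUnauthorized: false, // measuring protocol support, not certificate trust
    });
    const done = (accepted, detail) => { socket.destroy(); resolve({ host, version, accepted, detail }); };
    socket.setTimeout(timeoutMs, () => done(false, 'timeout'));
    socket.on('secureConnect', () => done(true, socket.getProtocol()));
    socket.on('error', (err) => done(false, err.code || err.message));
  });
}

// Split results into legacy handshakes that succeeded and probes that never
// reached the server (those prove nothing about its configuration).
function summarize(results) {
  const label = (r) => `${r.host} ${r.version}`;
  return {
    legacyAccepted: results.filter((r) => r.accepted && LEGACY.has(r.version)).map(label),
    inconclusive: results.filter((r) => !r.accepted && UNREACHABLE.has(r.detail)).map(label),
  };
}

// Probe every hostname sequentially, one version at a time.
async function audit(hosts) {
  const results = [];
  for (const host of hosts) {
    for (const version of VERSIONS) results.push(await probe(host, version));
  }
  return results;
}

// TLS_AUDIT_HOSTS is a hypothetical variable name: comma-separated hostnames.
if (process.env.TLS_AUDIT_HOSTS) {
  audit(process.env.TLS_AUDIT_HOSTS.split(',')).then((r) => console.log(summarize(r), r));
}
```

An empty `legacyAccepted` list only means something when `inconclusive` is empty too, and a CDN or load balancer in front of the reverse proxy is probed as whatever answers on that hostname.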
