How to enforce Jenkins to use TLS 1.2
Problem: a security scan reports "Vulnerabilities: 20007 - SSL Version 2 and 3 Protocol Detection" against the Jenkins server.
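Resolution: enforce Jenkins to use TLS 1.2. Update C:\Program Files (x86)\Jenkins\jenkins.xml, add the -Dhttps.protocols=TLSv1.2 parameter to <arguments> as shown below, then restart Jenkins. The parameter must come before -jar: anything after the war path is passed to Jenkins as a program argument and is not set as a JVM system property.
<executable>%BASE%\jre\bin\java</executable>
<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dhttps.protocols=TLSv1.2 -jar "%BASE%\jenkins.war" --httpPort=8080 --webroot="%BASE%\war"</arguments>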
Reference: How to enforce Jenkins to use TLS 1.2 (https://support.cloudbees.com/hc/en-us/articles/115003362911-How-to-enforce-Jenkins-to-use-TLS-1-2)
You can follow this KB to disable ciphers on your JVM, Disabling Specific Ciphers In Jenkins, or add this property to your Jenkins Java properties: -Dhttps.protocols=TLSv1.2
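To confirm the edit took the intended form, the following added example (not from the original page or from Jenkins/CloudBees) parses a jenkins.xml and reports whether -Dhttps.protocols sits among the JVM options before -jar and lists only TLS 1.2 or later. The function name audit_jenkins_xml, the sample files and the decision to also accept TLSv1.3 are assumptions made for this example.

```python
import shlex
import xml.etree.ElementTree as ET

PROP = "-Dhttps.protocols="
ALLOWED = {"TLSv1.2", "TLSv1.3"}  # assumption: TLSv1.3 is also acceptable


def audit_jenkins_xml(xml_text):
    """Return (ok, message) for the https.protocols setting in a jenkins.xml."""
    args_el = next(ET.fromstring(xml_text).iter("arguments"), None)
    if args_el is None or not args_el.text:
        return False, "no <arguments> element found"
    # posix=False leaves Windows backslashes alone and keeps "quoted paths" whole
    tokens = shlex.split(args_el.text, posix=False)
    if "-jar" not in tokens:
        return False, "no -jar in <arguments>"
    jar_at = tokens.index("-jar")
    # java [JVM options] -jar <war> [arguments handed to Jenkins itself]
    jvm_opts, app_args = tokens[:jar_at], tokens[jar_at + 2:]
    in_jvm = [t for t in jvm_opts if t.startswith(PROP)]
    if not in_jvm:
        if any(t.startswith(PROP) for t in app_args):
            return False, "https.protocols is after -jar, so the JVM never sets it"
        return False, "https.protocols is not set"
    # assumption: a repeated property is checked at its last occurrence
    protocols = [p.strip() for p in in_jvm[-1][len(PROP):].split(",")]
    extra = sorted(set(protocols) - ALLOWED)
    if extra:
        return False, "https.protocols still lists " + ", ".join(extra)
    return True, "https.protocols=" + ",".join(protocols)


# Constructed samples modelled on the <arguments> line shown above
_TEMPLATE = r'''<service>
  <executable>%BASE%\jre\bin\java</executable>
  <arguments>-Xrs -Xmx256m {jvm}-jar "%BASE%\jenkins.war" {app}--httpPort=8080 --webroot="%BASE%\war"</arguments>
</service>'''
SAMPLE_BEFORE_JAR = _TEMPLATE.format(jvm=PROP + "TLSv1.2 ", app="")
SAMPLE_AFTER_JAR = _TEMPLATE.format(jvm="", app=PROP + "TLSv1.2 ")
SAMPLE_OLD_PROTOCOL = _TEMPLATE.format(jvm=PROP + "TLSv1,TLSv1.2 ", app="")

if __name__ == "__main__":
    for name in ("SAMPLE_BEFORE_JAR", "SAMPLE_AFTER_JAR", "SAMPLE_OLD_PROTOCOL"):
        print(name, audit_jenkins_xml(globals()[name]))
```

This checks only the service file; re-run the scan after the restart to confirm the finding is cleared.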