videoplayer enables deprecated TLS 1.1 #143649

@Hixie

We received the following security vulnerability report:

A bit of context – we use Veracode to scan both our applications as well as the associated libraries. Veracode has raised a vulnerability in the videoplayer package and in particular in the CustomSSLSocketFactory.java class at line 72 (also at line 21, I believe the two are related). The flaw it is raising against it is CWE ID 757. When looking at line 72, it shows that the enabled protocols are TLS v1.1 as well as TLS v1.2.

I believe that TLS v1.1 has been deprecated (March 2021) and that TLS v1.2 is the minimum version. Is there consideration to update the class to look for TLS v1.2 or higher? Or is there a way to override the check and enforce TLS v1.2?

Labels: p: video_player (The Video Player plugin); package (flutter/packages repository. See also p: labels.); platform-android (Android applications specifically); team-android (Owned by Android platform team); waiting for customer response (The Flutter team cannot make further progress on this issue until the original reporter responds)
