diff --git a/ssl/deprecated-tls.yaml b/ssl/deprecated-tls.yaml
new file mode 100644
index 00000000000..bfcd9696daa
--- /dev/null
+++ b/ssl/deprecated-tls.yaml
@@ -0,0 +1,20 @@
+id: deprecated-tls
+
+info:
+  name: Deprecated TLS Detection (inferior to TLS 1.2)
+  author: righettod
+  severity: info
+  reference: https://ssl-config.mozilla.org/#config=intermediate
+  metadata:
+    shodan-query: ssl.version:sslv2 ssl.version:sslv3 ssl.version:tlsv1 ssl.version:tlsv1.1
+  tags: ssl
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+    min_version: sslv3
+    max_version: tls11
+
+    extractors:
+      - type: json
+        json:
+          - " .tls_version"