DNS Checker(beta)

TLS Downgrade Attack

An on-path attack that tricks a client and server into negotiating a weaker TLS version, or an obsolete cipher suite, than both endpoints actually support.

A TLS downgrade attack manipulates the handshake so that two endpoints capable of TLS 1.3 with strong ciphers end up speaking TLS 1.0 with RC4, or fall back to plaintext entirely. Historical examples include POODLE (forcing SSLv3), FREAK (forcing export-grade RSA), and Logjam (forcing weak Diffie-Hellman). Mitigations are layered: TLS 1.3 made downgrade detection mandatory by signalling the highest supported version inside the random bytes; servers should disable TLS 1.0/1.1 and obsolete ciphers entirely; HSTS prevents protocol downgrade from HTTPS to HTTP; and for email, MTA-STS and DANE both pin TLS so opportunistic STARTTLS cannot be silently stripped.
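The TLS 1.3 downgrade signal mentioned above, modelled in Python as an added example (not code from this page): a server stamps a fixed sentinel into the last 8 bytes of ServerHello.random whenever it negotiates below its own maximum version (RFC 8446 §4.1.3), and a client that offered TLS 1.3 but landed on TLS 1.2 or lower aborts when it sees that stamp. The version constants and the `simulate` helper are assumptions for illustration, not library APIs.

```python
import os

# RFC 8446 §4.1.3 sentinels, written into the last 8 bytes of ServerHello.random.
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")  # "DOWNGRD\x01": negotiated TLS 1.2
DOWNGRADE_TLS11 = bytes.fromhex("444F574E47524400")  # "DOWNGRD\x00": negotiated TLS 1.1 or below

# Wire-format version numbers (assumed constants for this example).
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304


def server_random(highest_offered: int, server_max: int = TLS13) -> tuple[int, bytes]:
    """Server side: negotiate the highest version both sides support.
    If that is below the server's own maximum, stamp the sentinel so a
    capable client can tell the ClientHello it sent was not the one received."""
    negotiated = min(highest_offered, server_max)
    rand = bytearray(os.urandom(32))
    if server_max >= TLS12 and negotiated < server_max:
        rand[24:] = DOWNGRADE_TLS12 if negotiated == TLS12 else DOWNGRADE_TLS11
    return negotiated, bytes(rand)


def client_detects_downgrade(client_max: int, negotiated: int, rand: bytes) -> bool:
    """Client side: True means the client MUST abort with illegal_parameter.
    A TLS 1.3 client that ended up on 1.2 or below rejects either sentinel;
    a TLS 1.2 client that ended up on 1.1 or below rejects the second one."""
    tail = rand[24:]
    if client_max >= TLS13 and negotiated <= TLS12:
        return tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11)
    if client_max == TLS12 and negotiated <= TLS11:
        return tail == DOWNGRADE_TLS11
    return False


def simulate(client_max: int, offered_to_server: int, server_max: int = TLS13) -> tuple[int, bool]:
    """One handshake. `offered_to_server` is the highest version the server
    actually sees; an on-path attacker may have lowered it from `client_max`.
    Returns (negotiated version, downgrade detected by the client)."""
    negotiated, rand = server_random(offered_to_server, server_max)
    return negotiated, client_detects_downgrade(client_max, negotiated, rand)


if __name__ == "__main__":
    print(simulate(TLS13, TLS13))        # honest handshake: (0x0304, False)
    print(simulate(TLS13, TLS12))        # attacker strips 1.3: (0x0303, True)
    print(simulate(TLS12, TLS11))        # 1.2 client pushed to 1.1: (0x0302, True)
    print(simulate(TLS13, TLS13, TLS12)) # server genuinely 1.2-only: (0x0303, False)
```

The last case is the caveat: a server that never supported TLS 1.3 sets no sentinel, so the mechanism only protects endpoints that already support the newer version; retiring TLS 1.0/1.1 on the server is what closes that gap.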
