diff --git a/pkg/dbtoken/server.go b/pkg/dbtoken/server.go
index 7d8d50f31d1..829416b676d 100644
--- a/pkg/dbtoken/server.go
+++ b/pkg/dbtoken/server.go
@@ -64,6 +64,7 @@ func NewServer(
 		},
 		NextProtos:             []string{"h2", "http/1.1"},
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,
diff --git a/pkg/frontend/frontend.go b/pkg/frontend/frontend.go
index 37e80f87c36..48812dd22c3 100644
--- a/pkg/frontend/frontend.go
+++ b/pkg/frontend/frontend.go
@@ -203,6 +203,7 @@ func NewFrontend(ctx context.Context,
 		NextProtos:             []string{"h2", "http/1.1"},
 		ClientAuth:             tls.RequestClientCert,
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,
diff --git a/pkg/portal/portal.go b/pkg/portal/portal.go
index cbcda16de4f..a4fd41b0220 100644
--- a/pkg/portal/portal.go
+++ b/pkg/portal/portal.go
@@ -214,6 +214,7 @@ func (p *portal) Run(ctx context.Context) error {
 		},
 		NextProtos:             []string{"h2", "http/1.1"},
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,
diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
index 41db49f653c..746a7d1c96f 100644
--- a/pkg/proxy/proxy.go
+++ b/pkg/proxy/proxy.go
@@ -76,6 +76,7 @@ func (s *Server) Run() error {
 		ClientCAs:              pool,
 		ClientAuth:             tls.RequireAndVerifyClientCert,
 		SessionTicketsDisabled: true,
+		MinVersion:             tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{
 			tls.CurveP256,
 			tls.X25519,