psPAS PowerShell module does not explicitly enforce TLS 1.2 within the Get-PASSAMLResponse function during the SAML authentication process. An unauthenticated attacker in a Man-in-the-Middle position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.
A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.