libtls: Increase default min version to 1.2
The older versions are generally considered deprecated (there is an Internet-Draft that aims to do that formally).
parent
3abcbf82b5
commit
a60e248b0d
|
@ -479,7 +479,7 @@ charon.tls.send_certreq_authorities = yes
|
|||
Whether to include CAs in a server's CertificateRequest message. May be
|
||||
disabled if clients can't handle a long list of CAs.
|
||||
|
||||
charon.tls.version_min = 1.0
|
||||
charon.tls.version_min = 1.2
|
||||
Minimum TLS version to negotiate.
|
||||
|
||||
charon.tls.version_max = 1.2
|
||||
|
|
|
@ -463,8 +463,8 @@ static void determine_versions(private_tls_t *this)
|
|||
char *version_str;
|
||||
|
||||
if (this->version_min == TLS_UNSPEC)
|
||||
{
|
||||
this->version_min = TLS_SUPPORTED_MIN;
|
||||
{ /* default to TLS 1.2 as older versions are considered deprecated */
|
||||
this->version_min = TLS_1_2;
|
||||
|
||||
version_str = lib->settings->get_str(lib->settings, "%s.tls.version_min",
|
||||
NULL, lib->ns);
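Review bot: The comment on the brace line calls TLS 1.2 the default but does not say that it is only a default. `TLS_1_2` is assigned only when `version_min` is `TLS_UNSPEC`, and the `%s.tls.version_min` setting read just below presumably still allows 1.0 or 1.1 to be selected. I would put the comment on its own line above the assignment and word it as `/* default to TLS 1.2; older versions need an explicit tls.version_min */`. A configuration that sets only `tls.version_max` below 1.2 now ends up with the default minimum above the maximum. Whether the rest of determine_versions() reconciles that is not visible, because the function continues past the hunk, so it is worth confirming that this case is rejected with a clear log message rather than failing the handshake silently.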
|
||||
|
|