diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index dd972649b..868ee1d05 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -479,7 +479,7 @@ charon.tls.send_certreq_authorities = yes
 Whether to include CAs in a server's CertificateRequest message. May be disabled if clients can't handle a long list of CAs.
-charon.tls.version_min = 1.0
+charon.tls.version_min = 1.2
 Minimum TLS version to negotiate.
 charon.tls.version_max = 1.2
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index da45f4b99..ae14213a0 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -463,8 +463,8 @@ static void determine_versions(private_tls_t *this)
 char *version_str;
 if (this->version_min == TLS_UNSPEC)
- {
- this->version_min = TLS_SUPPORTED_MIN;
+ { /* default to TLS 1.2 as older versions are considered deprecated */
+ this->version_min = TLS_1_2;
 version_str = lib->settings->get_str(lib->settings, "%s.tls.version_min", NULL, lib->ns);
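Review bot: The description under `charon.tls.version_min` in conf/options/charon.opt still reads only "Minimum TLS version to negotiate." although the default is now 1.2, the same value as the `charon.tls.version_max = 1.2` shown just below it, so by default exactly one protocol version is offered. The option text should say so, for example `Minimum TLS version to negotiate. Values below 1.2 re-enable the deprecated TLS 1.0/1.1; peers limited to those versions fail to negotiate with the default.` The same default is hard-coded in determine_versions() in src/libtls/tls.c, whose body continues past the visible lines. From here it cannot be checked how a configuration that sets only version_max below 1.2 is handled now that the implicit minimum is higher, so that case is worth confirming.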