Any browser (Firefox, Chrome, Opera) that can run Verto can do TLS1.2, We shouldn't lower the bar when we don't need too.

src/mod/endpoints/mod_verto/mod_verto.c

@@ -150,6 +150,17 @@ static void verto_init_ssl(verto_profile_t *profile)
 	profile->ssl_ready = 1;
 	assert(profile->ssl_ctx);
 
+	/* Disable SSLv2 */
+	SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv2);
+	/* Disable SSLv3 */
+	SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_SSLv3);
+	/* Disable TLSv1 */
+	SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1);
+	/* Disable TLSv1_1 */
+	SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_TLSv1_1);
+	/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
+	SSL_CTX_set_options(profile->ssl_ctx, SSL_OP_NO_COMPRESSION);
+
 	/* set the local certificate from CertFile */
 	if (!zstr(profile->chain)) {
 		SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain);

src/mod/endpoints/mod_verto/ws.c

@@ -92,10 +92,20 @@ void init_ssl(void) {
 
 	OpenSSL_add_all_algorithms();   /* load & register cryptos */
 	SSL_load_error_strings();     /* load all error messages */
-	ws_globals.ssl_method = TLSv1_server_method();   /* create server instance */
+	ws_globals.ssl_method = SSLv23_server_method();   /* create server instance */
 	ws_globals.ssl_ctx = SSL_CTX_new(ws_globals.ssl_method);         /* create context */
 	assert(ws_globals.ssl_ctx);
-	
+
+	/* Disable SSLv2 */
+	SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2);
+	/* Disable SSLv3 */
+	SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3);
+	/* Disable TLSv1 */
+	SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1);
+	/* Disable TLSv1_1 */
+	SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1_1);
+	/* Disable Compression CRIME (Compression Ratio Info-leak Made Easy) */
+	SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION);
 	/* set the local certificate from CertFile */
 	SSL_CTX_use_certificate_file(ws_globals.ssl_ctx, ws_globals.cert, SSL_FILETYPE_PEM);
 	/* set the private key from KeyFile */