server: disable tls 1.0/1.1 by default for openssl

diff --git a/src/server.c b/src/server.c
index 5b72c4e0311230622382aadc0888e98f04b8fa2f..c135ab94a3f73b0808c2285e16cded46b1066558 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -532,6 +532,9 @@ int main(int argc, char **argv) {
   if (ssl) {
     info.ssl_cert_filepath = cert_path;
     info.ssl_private_key_filepath = key_path;
+    #ifndef LWS_WITH_MBEDTLS
+    info.ssl_options_set = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+    #endif
     if (strlen(ca_path) > 0) {
       info.ssl_ca_filepath = ca_path;
       info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;