From: Shuanglei Tao <tsl0922@gmail.com>
Date: Mon, 4 Jul 2022 15:12:04 +0000 (+0800)
Subject: server: disable tls 1.0/1.1 by default for openssl
X-Git-Url: http://git.prime8.dev/?a=commitdiff_plain;h=8b6b71e133735d450a79b819de6e37aff584c4ef;p=ttyd.git

server: disable tls 1.0/1.1 by default for openssl
---

diff --git a/src/server.c b/src/server.c
index 5b72c4e..c135ab9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -532,6 +532,9 @@ int main(int argc, char **argv) {
   if (ssl) {
     info.ssl_cert_filepath = cert_path;
     info.ssl_private_key_filepath = key_path;
+    #ifndef LWS_WITH_MBEDTLS
+    info.ssl_options_set = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+    #endif
     if (strlen(ca_path) > 0) {
       info.ssl_ca_filepath = ca_path;
       info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;