From 8b6b71e133735d450a79b819de6e37aff584c4ef Mon Sep 17 00:00:00 2001
From: Shuanglei Tao <tsl0922@gmail.com>
Date: Mon, 4 Jul 2022 23:12:04 +0800
Subject: [PATCH] server: disable tls 1.0/1.1 by default for openssl

---
 src/server.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/server.c b/src/server.c
index 5b72c4e..c135ab9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -532,6 +532,9 @@ int main(int argc, char **argv) {
   if (ssl) {
     info.ssl_cert_filepath = cert_path;
     info.ssl_private_key_filepath = key_path;
+    #ifndef LWS_WITH_MBEDTLS
+    info.ssl_options_set = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+    #endif
     if (strlen(ca_path) > 0) {
       info.ssl_ca_filepath = ca_path;
       info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
-- 
2.43.4