explicitly require TLS 1.2 or 1.3

it's the default, but just in case (since gemini spec explicitly talks about 1.3 as "default" and 1.2 for ease of implementation)
author: Omar Polo <op@omarpolo.com> 2020-10-03 12:24:14 +0200
committer: Omar Polo <op@omarpolo.com> 2020-10-03 12:24:14 +0200
commit: 0d8ca45a28a97215c20fdc13c13f764cb571ad7c (patch)
tree: bc600b80a5a8098a57c41fe751af8cad50e7b848
parent: 3e45af4d4f0518678ced2203fdee6267c98fb634 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/gmid.c b/gmid.c
index b7db8b9..394dd9a 100644
--- a/gmid.c
+++ b/gmid.c
@@ -391,6 +391,10 @@ main(int argc, char **argv)
 	if ((conf = tls_config_new()) == NULL)
 		err(1, "tls_config_new");
 
+	if (tls_config_set_protocols(conf,
+	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
+		err(1, "tls_config_set_protocols");
+
 	if ((m = tls_load_file(cert, &mlen, NULL)) == NULL)
 		err(1, "tls_load_file: %s", cert);
 	if (tls_config_set_cert_mem(conf, m, mlen) == -1)
author	Omar Polo <op@omarpolo.com>	2020-10-03 12:24:14 +0200
committer	Omar Polo <op@omarpolo.com>	2020-10-03 12:24:14 +0200
commit	0d8ca45a28a97215c20fdc13c13f764cb571ad7c (patch)
tree	bc600b80a5a8098a57c41fe751af8cad50e7b848
parent	3e45af4d4f0518678ced2203fdee6267c98fb634 (diff)