server: disable tls 1.0/1.1 by default for openssl

2025-12-30 07:24:23 +01:00 · 2022-07-04 23:12:04 +08:00
parent a41c05e79a
commit 8b6b71e133
1 changed files with 3 additions and 0 deletions
--- a/src/server.c
+++ b/src/server.c
@@ -532,6 +532,9 @@ int main(int argc, char **argv) {
  if (ssl) {
    info.ssl_cert_filepath = cert_path;
    info.ssl_private_key_filepath = key_path;
+    #ifndef LWS_WITH_MBEDTLS
+    info.ssl_options_set = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+    #endif
    if (strlen(ca_path) > 0) {
      info.ssl_ca_filepath = ca_path;
      info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;