From b0594976edf6eda1ea01c4c138df95020beb9634 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers
Date: Sat, 9 Sep 2023 10:43:02 +0200
Subject: [PATCH] tls/alloc: set default min proto

---
 src/tls/openssl/tls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index abd97945a..ac1f5b676 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -236,6 +236,7 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 {
 struct tls *tls;
 int r, err;
+ int min_proto = 0;

 if (!tlsp)
 return EINVAL;
@@ -250,6 +251,7 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 case TLS_METHOD_TLS:
 case TLS_METHOD_SSLV23:
 tls->ctx = SSL_CTX_new(TLS_method());
+ min_proto = TLS1_2_VERSION;
 break;

 case TLS_METHOD_DTLS:
@@ -270,6 +272,10 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 goto out;
 }

+ err = tls_set_min_proto_version(tls, min_proto);
+ if (err)
+ goto out;
+
 #if defined(TRACE_SSL)
 SSL_CTX_set_keylog_callback(tls->ctx, tls_keylogger_cb);
 #endif
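Review bot: In the third hunk `tls_set_min_proto_version(tls, min_proto)` runs for every method, but only the TLS/SSLV23 case in the second hunk assigns a floor, so a DTLS context reaches the call with `min_proto` still 0. If that helper forwards to OpenSSL's `SSL_CTX_set_min_proto_version` (it is not visible here, so this needs confirming), 0 means "lowest version the library supports", which leaves DTLS 1.0 negotiable and may also replace a stricter minimum that the system OpenSSL configuration applied when the context was created. Consider giving the DTLS case its own floor, `min_proto = DTLS1_2_VERSION;`, if the peers you interoperate with allow it, or guarding the call with `if (min_proto)` so that an unset value leaves the context's existing minimum alone. A comment at the TLS assignment such as `/* default floor; callers can change it with tls_set_min_proto_version() after tls_alloc() */` would document the new default for users of TLS_METHOD_SSLV23. The body of tls_alloc starts and ends outside these hunks, so the DTLS branch and the `out:` cleanup were not reviewed.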