From 04bf45f4ecc4e3f62cb6cd3e9ecea5476a728d7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E5=AF=92=E5=BD=A4?=
 <70561268+cxw620@users.noreply.github.com>
Date: Sat, 23 Mar 2024 19:02:51 +0800
Subject: [PATCH] fix: tls version limit for rustls (#2203)

---
 src/async_impl/client.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs
index faed4f6a3..079bd259d 100644
--- a/src/async_impl/client.rs
+++ b/src/async_impl/client.rs
@@ -551,9 +551,14 @@ impl ClientBuilder {
                         });
                     }
 
+                    if versions.is_empty() {
+                        return Err(crate::error::builder("empty supported tls versions"));
+                    }
+
                     // Build TLS config
                     let config_builder =
-                        rustls::ClientConfig::builder().with_root_certificates(root_cert_store);
+                        rustls::ClientConfig::builder_with_protocol_versions(&versions)
+                            .with_root_certificates(root_cert_store);
 
                     // Finalize TLS config
                     let mut tls = if let Some(id) = config.identity {
@@ -1475,6 +1480,9 @@ impl ClientBuilder {
     /// isn't supported, just that it can't be set as a maximum due to
     /// technical limitations.
     ///
+    /// Cannot set a maximum outside the protocol versions supported by
+    /// `rustls` with the `rustls-tls` backend.
+    ///
     /// # Optional
     ///
     /// This requires the optional `default-tls`, `native-tls`, or `rustls-tls(-...)`