Update documentation; make s6-tlsd-io more conservative by default

Signed-off-by: Laurent Bercot <ska@appnovation.com>
author: Laurent Bercot <ska-skaware@skarnet.org> 2023-11-20 05:13:06 +0000
committer: Laurent Bercot <ska@appnovation.com> 2023-11-20 05:13:06 +0000
commit: 9c4a097d900fb623abeb61d3a58cf58e9c5f383f (patch)
tree: e616efc1b33fcd984d1599b8b7f4473acc2ca779 /src/sbearssl
parent: 60b4d9d032509de8395b5c8131c36327f020946f (diff)
download: s6-networking-9c4a097d900fb623abeb61d3a58cf58e9c5f383f.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_server_init_and_run.c b/src/sbearssl/sbearssl_server_init_and_run.c
index 01abb32..248a18a 100644
--- a/src/sbearssl/sbearssl_server_init_and_run.c
+++ b/src/sbearssl/sbearssl_server_init_and_run.c
@@ -82,6 +82,7 @@ void sbearssl_server_init_and_run (int *fds, tain const *tto, uint32_t preoption
     br_x509_trust_anchor btas[n ? n : 1] ;
 
     sbearssl_sctx_init_full_generic(&sc) ;
+    if (!(preoptions & 16)) br_ssl_engine_set_versions(&sc.eng, BR_TLS12, BR_TLS12) ;
     sbearssl_sctx_set_policy_sni(&sc, &pol) ;
     random_buf((char *)bufi, 32) ;
     br_ssl_engine_inject_entropy(&sc.eng, bufi, 32) ;
author	Laurent Bercot <ska-skaware@skarnet.org>	2023-11-20 05:13:06 +0000
committer	Laurent Bercot <ska@appnovation.com>	2023-11-20 05:13:06 +0000
commit	9c4a097d900fb623abeb61d3a58cf58e9c5f383f (patch)
tree	e616efc1b33fcd984d1599b8b7f4473acc2ca779 /src/sbearssl
parent	60b4d9d032509de8395b5c8131c36327f020946f (diff)
download	s6-networking-9c4a097d900fb623abeb61d3a58cf58e9c5f383f.tar.xz