From 9c4a097d900fb623abeb61d3a58cf58e9c5f383f Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Mon, 20 Nov 2023 05:13:06 +0000
Subject:  Update documentation; make s6-tlsd-io more conservative by default

Signed-off-by: Laurent Bercot <ska@appnovation.com>
---
 src/sbearssl/sbearssl_server_init_and_run.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/sbearssl')

diff --git a/src/sbearssl/sbearssl_server_init_and_run.c b/src/sbearssl/sbearssl_server_init_and_run.c
index 01abb32..248a18a 100644
--- a/src/sbearssl/sbearssl_server_init_and_run.c
+++ b/src/sbearssl/sbearssl_server_init_and_run.c
@@ -82,6 +82,7 @@ void sbearssl_server_init_and_run (int *fds, tain const *tto, uint32_t preoption
     br_x509_trust_anchor btas[n ? n : 1] ;
 
     sbearssl_sctx_init_full_generic(&sc) ;
+    if (!(preoptions & 16)) br_ssl_engine_set_versions(&sc.eng, BR_TLS12, BR_TLS12) ;
     sbearssl_sctx_set_policy_sni(&sc, &pol) ;
     random_buf((char *)bufi, 32) ;
     br_ssl_engine_inject_entropy(&sc.eng, bufi, 32) ;
-- 
cgit v1.2.3