From 395f995b1917f2ec73d2ae370fb527efa6849890 Mon Sep 17 00:00:00 2001
From: Loganaden Velvindron
Date: Mon, 14 Aug 2017 11:28:07 +0400
Subject: [PATCH 2/3] Align with recommended way to set minimum protocol version
Signed-off-by: Loganaden Velvindron
---
 src/openssl.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index fefc94f3..cff467d1 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -243,11 +243,6 @@ ssl_init (void)
 case secure_protocol_tlsv1_3:
 #ifdef TLS1_3_VERSION
 meth = TLS_client_method ();
- ssl_options |= SSL_OP_NO_SSLv2;
- ssl_options |= SSL_OP_NO_SSLv3;
- ssl_options |= SSL_OP_NO_TLSv1;
- ssl_options |= SSL_OP_NO_TLSv1_1;
- ssl_options |= SSL_OP_NO_TLSv1_2;
 break;
 #else
 logprintf (LOG_NOTQUIET, _("Your OpenSSL version hasn't been compiled with TLS 1.3 support\n"));
@@ -281,6 +276,11 @@ ssl_init (void)
 if (ssl_options) SSL_CTX_set_options (ssl_ctx, ssl_options);
+#ifdef TLS1_3_VERSION
+ if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION) == 0)
+ goto error;
+#endif
+
 /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) */
--
2.11.0
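Review bot: The `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION)` call added in the second hunk is guarded only by the compile-time `#ifdef TLS1_3_VERSION`, not by the protocol that was selected. As far as the visible lines show, every protocol choice would get a TLS 1.3 floor whenever OpenSSL provides TLS 1.3, whereas the `SSL_OP_NO_*` options it replaces were set only inside `case secure_protocol_tlsv1_3:`. Handshakes with servers that stop at TLS 1.2 would then fail even when the user asked for automatic or older-protocol negotiation. One way to keep the old scoping is a local (the name `min_proto` is made up here), initialised to 0 and set in that case with `min_proto = TLS1_3_VERSION;`, then applied with `if (min_proto && SSL_CTX_set_min_proto_version (ssl_ctx, min_proto) == 0) goto error;`. The rest of `ssl_init` and the `error` label are outside both hunks, so confirm that no later patch in the series already adds such a condition, and consider logging a message before the `goto` so the failure is not silent.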