The older versions are generally considered deprecated (there is an
Internet-Draft that aims to do that formally).
Whether to include CAs in a server's CertificateRequest message. May be
disabled if clients can't handle a long list of CAs.
-charon.tls.version_min = 1.0
+charon.tls.version_min = 1.2
Minimum TLS version to negotiate.
charon.tls.version_max = 1.2
char *version_str;
if (this->version_min == TLS_UNSPEC)
- {
- this->version_min = TLS_SUPPORTED_MIN;
+ { /* default to TLS 1.2 as older versions are considered deprecated */
+ this->version_min = TLS_1_2;
version_str = lib->settings->get_str(lib->settings, "%s.tls.version_min",
NULL, lib->ns);