- if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level)) {
- assert(t->server);
-
- r = gnutls_init(&gs, GNUTLS_CLIENT | GNUTLS_ENABLE_FALSE_START | GNUTLS_NONBLOCK);
- if (r < 0)
- return r;
-
- /* As DNS-over-TLS is a recent protocol, older TLS versions can be disabled */
- r = gnutls_priority_set_direct(gs, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
- if (r < 0)
- return r;
-
- r = gnutls_credentials_set(gs, GNUTLS_CRD_CERTIFICATE, t->server->tls_cert_cred);
- if (r < 0)
- return r;
-
- if (t->server->tls_session_data.size > 0)
- gnutls_session_set_data(gs, t->server->tls_session_data.data, t->server->tls_session_data.size);
-
- gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+ if (t->scope->protocol == DNS_PROTOCOL_DNS &&
+ DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level)) {