From 1f5ddccf404df6cc0bec9f7cd47fac53db74c9a2 Mon Sep 17 00:00:00 2001
From: Sebastian Reimers
Date: Sat, 9 Sep 2023 10:50:44 +0200
Subject: [PATCH] set min proto depend on method
---
 src/tls/openssl/tls.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 221b3fbdf..5d3f7cf92 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -236,6 +236,7 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 {
 struct tls *tls;
 int r, err;
+ int min_proto = 0;

 if (!tlsp)
 return EINVAL;
@@ -250,6 +251,7 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 case TLS_METHOD_TLS:
 case TLS_METHOD_SSLV23:
 tls->ctx = SSL_CTX_new(TLS_method());
+ min_proto = TLS1_2_VERSION;
 break;

 case TLS_METHOD_DTLS:
@@ -270,9 +272,11 @@ int tls_alloc(struct tls **tlsp, enum tls_method method, const char *keyfile,
 goto out;
 }

- err = tls_set_min_proto_version(tls, TLS1_2_VERSION);
- if (err) {
- goto out;
+ if (min_proto) {
+ err = tls_set_min_proto_version(tls, min_proto);
+ if (err) {
+ goto out;
+ }
 }

 #if defined(TRACE_SSL)
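Review bot: In the method switch only the `TLS_METHOD_TLS`/`TLS_METHOD_SSLV23` branch assigns `min_proto`, so for `TLS_METHOD_DTLS` the new `if (min_proto)` guard in the last hunk skips `tls_set_min_proto_version()` and tls_alloc no longer sets an explicit protocol floor on that context. If that is deliberate, for example to keep interoperating with DTLS 1.0 peers, a short comment in the DTLS branch should say so. Otherwise the branch could set its own floor, e.g. `min_proto = DTLS1_2_VERSION;`, assuming the helper passes the value straight through to OpenSSL (its body is not visible here). The DTLS case body and the rest of tls_alloc lie outside these hunks, so a floor applied elsewhere cannot be ruled out from this patch alone.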