Enable TLS 1.0/1.1

2025-12-04 23:25:35 -08:00 · 2025-12-04 23:25:35 -08:00 · b9ecf19980
commit b9ecf19980
parent 551f793700
2 changed files with 4 additions and 3 deletions
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@ -139,7 +139,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) *tls.Config {
 	}

 	tlsCfg := &tls.Config{
-		MinVersion:         tls.VersionTLS12,
+		MinVersion:         tls.VersionTLS10,
 		GetConfigForClient: getConfigForClient,
 	}

--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@ -117,7 +117,10 @@ var defaultCurves = []tls.CurveID{
 }

 // SupportedProtocols is a map of supported protocols.
+// Note that HTTP/2 only supports TLS 1.2 and higher.
 var SupportedProtocols = map[string]uint16{
+	"tls1.0": tls.VersionTLS10,
+	"tls1.1": tls.VersionTLS11,
 	"tls1.2": tls.VersionTLS12,
 	"tls1.3": tls.VersionTLS13,
 }
@ -127,8 +130,6 @@ var SupportedProtocols = map[string]uint16{
 var unsupportedProtocols = map[string]uint16{
 	//nolint:staticcheck
 	"ssl3.0": tls.VersionSSL30,
-	"tls1.0": tls.VersionTLS10,
-	"tls1.1": tls.VersionTLS11,
 }

 // publicKeyAlgorithms is the map of supported public key algorithms.