From b9ecf19980f0c7ad6772da154e638d6af843c3b0 Mon Sep 17 00:00:00 2001
From: Evie Viau
Date: Thu, 4 Dec 2025 23:25:35 -0800
Subject: [PATCH] Enable TLS 1.0/1.1
---
 modules/caddytls/connpolicy.go | 2 +-
 modules/caddytls/values.go | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 724271a8..b7080d5c 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -139,7 +139,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) *tls.Config {
 }
 tlsCfg := &tls.Config{
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS10,
 GetConfigForClient: getConfigForClient,
 }
diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go
index 3198ffa0..d4ab7459 100644
--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@@ -117,7 +117,10 @@ var defaultCurves = []tls.CurveID{
 }
 // SupportedProtocols is a map of supported protocols.
+// Note that HTTP/2 only supports TLS 1.2 and higher.
 var SupportedProtocols = map[string]uint16{
+ "tls1.0": tls.VersionTLS10,
+ "tls1.1": tls.VersionTLS11,
 "tls1.2": tls.VersionTLS12,
 "tls1.3": tls.VersionTLS13,
 }
@@ -127,8 +130,6 @@ var SupportedProtocols = map[string]uint16{
 var unsupportedProtocols = map[string]uint16{
 //nolint:staticcheck
 "ssl3.0": tls.VersionSSL30,
- "tls1.0": tls.VersionTLS10,
- "tls1.1": tls.VersionTLS11,
 }
 // publicKeyAlgorithms is the map of supported public key algorithms.
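Review bot: In modules/caddytls/connpolicy.go, `MinVersion: tls.VersionTLS10` lowers the floor of the base `tls.Config` for every listener, not only for sites that ask for legacy protocols. TLS 1.0 and 1.1 are deprecated by RFC 8996 and cannot negotiate AEAD cipher suites, so the default should stay `MinVersion: tls.VersionTLS12,` with the older versions reachable only through an explicit per-policy minimum. Because `GetConfigForClient` is set on the same struct, the config it returns probably governs version negotiation, in which case this line is not needed for the opt-in to work; that callback and the rest of TLSConfig are outside the hunk, so this needs confirming. If the line stays, it should carry a comment such as `// floor lowered on purpose; per-policy configs enforce the effective minimum`.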
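Review bot: In modules/caddytls/values.go, `"tls1.0"` and `"tls1.1"` become ordinary members of `SupportedProtocols`, and nothing in the map's comment tells an operator that they are deprecated (RFC 8996) and meant only for legacy clients. I would extend the doc comment with `// tls1.0 and tls1.1 are deprecated (RFC 8996); accept them only as an explicit per-site opt-in.` and have the code that resolves a configured minimum log a warning when either name is chosen. The following hunk removes the same two names from `unsupportedProtocols`. The use of that map is not visible here, but if it feeds a diagnostic for rejected handshakes, that signal disappears for these versions, so logging negotiated legacy versions would keep the downgrade observable.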