downgrade to tls12

2025-11-04 15:52:38 +08:00 · 2018-10-29 16:26:37 +08:00 · 2018-10-29 16:26:37 +08:00 · 88e33cab7e
commit 88e33cab7e
parent e27601f648
1 changed files with 4 additions and 5 deletions
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@ -130,10 +130,9 @@ func (s *TLS) ListenAndServe(c net.Conn) {
 		tlsConfig = &stdtls.Config{
 			Certificates:     []stdtls.Certificate{cert},
-			MinVersion:       stdtls.VersionTLS12,
+			MinVersion:       stdtls.VersionTLS10,
-			MaxVersion:       stdtls.VersionTLS13,
+			MaxVersion:       stdtls.VersionTLS12,
 			SessionTicketKey: ticketKey,
 			Accept0RTTData:   true,
 		}
 	} else {
 		tlsConfig = nil
@ -184,8 +183,8 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
 		ServerName:         s.serverName,
 		InsecureSkipVerify: s.skipVerify,
 		ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
-		MinVersion:         stdtls.VersionTLS12,
+		MinVersion:         stdtls.VersionTLS10,
-		MaxVersion:         stdtls.VersionTLS13,
+		MaxVersion:         stdtls.VersionTLS12,
 	}
 	c := stdtls.Client(cc, conf)