proto: restrict default rustls server config to TLS 1.3

quinn-rs · Apr 21, 2024 · 702eaca · 702eaca
1 parent bd324a4
commit 702eaca
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
@@ -389,7 +389,7 @@ impl QuicServerConfig {
         let mut inner = rustls::ServerConfig::builder_with_provider(
             rustls::crypto::ring::default_provider().into(),
         )
-        .with_safe_default_protocol_versions()
+        .with_protocol_versions(&[&rustls::version::TLS13])
         .unwrap() // The *ring* default provider supports TLS 1.3
         .with_no_client_auth()
         .with_single_cert(cert_chain, key)