From c3abf982866dff16ffc4813b862f1f3f1c82d2d2 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Fri, 30 Dec 2016 17:54:05 +0000
Subject: [PATCH] MbedTLS: Disable TLSv1.0

---
 librb/src/mbedtls.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/librb/src/mbedtls.c b/librb/src/mbedtls.c
index 1f3c9460..07873568 100644
--- a/librb/src/mbedtls.c
+++ b/librb/src/mbedtls.c
@@ -153,7 +153,7 @@ rb_ssl_init_fd(rb_fde_t *const F, const rb_fd_tls_direction dir)
 return;
 }

- mbedtls_ssl_config *mbed_config;
+ mbedtls_ssl_config *mbed_config = NULL;

 switch(dir)
 {
@@ -233,6 +233,9 @@ rb_mbedtls_cfg_new(void)
 mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
 mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);

+ mbedtls_ssl_conf_min_version(&cfg->server_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+ mbedtls_ssl_conf_min_version(&cfg->client_cfg, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
+
 #ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
 mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
 #endif
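Review bot: Initialising `mbed_config` to NULL in rb_ssl_init_fd makes an unassigned pointer deterministic, but nothing visible in this hunk tests it afterwards. The `switch(dir)` body lies outside the hunk; if it has no `default:` branch, an unexpected `dir` value would presumably now hand NULL, rather than an indeterminate pointer, to whatever consumes the config. I would add a `default:` case, or an `if(mbed_config == NULL)` guard after the switch, that logs, releases what was allocated above and returns. This change is also unrelated to the subject line, so the commit message should mention it.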
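Review bot: The pair `MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2` added in rb_mbedtls_cfg_new is not self-explanatory and deserves a comment. In Mbed TLS's numbering (3,1) is TLSv1.0 and (3,2) is TLSv1.1, so these two calls make TLSv1.1 the floor for both the server and client configs. Something like `/* Minimum protocol is TLSv1.1 (3,2); TLSv1.0 is (3,1) and SSLv3 is (3,0) */` above the calls would spare the next reader a header lookup. TLSv1.1 has itself since been deprecated (RFC 8996), so where peers allow it `MBEDTLS_SSL_MINOR_VERSION_3` (TLSv1.2) is the safer floor. The function starts and ends outside this hunk.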