From aa78b407c823803137e42b973d9c2508015fec10 Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Thu, 8 May 2025 15:04:38 +0200
Subject: [PATCH] ocserv: disable TLS<1.2

---
 roles/ocserv/templates/ocserv.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/ocserv/templates/ocserv.conf.j2 b/roles/ocserv/templates/ocserv.conf.j2
index 3ddeadf..2dff89a 100644
--- a/roles/ocserv/templates/ocserv.conf.j2
+++ b/roles/ocserv/templates/ocserv.conf.j2
@@ -15,6 +15,7 @@ cisco-client-compat = true
 dtls-legacy = true
 compression = true
 isolate-workers = true
+tls-priorities = NORMAL:-VERS-TLS1.0:-VERS-TLS1.1
 
 auth = certificate
 ca-cert = /etc/ocserv/ca.crt