From 13dfffd203102fe21b454df756d9e4296fe75cfd Mon Sep 17 00:00:00 2001
From: Chris Werner Rau
Date: Sat, 10 Mar 2018 16:39:07 +0100
Subject: [PATCH] tls: Change default tls minimum version to 1.2 (#2053)
---
 caddytls/config.go | 2 +-
 caddytls/setup_test.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/caddytls/config.go b/caddytls/config.go
index 938cb08c..43956a25 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -511,7 +511,7 @@ func SetDefaultTLSParams(config *Config) {
 // Set default protocol min and max versions - must balance compatibility and security
 if config.ProtocolMinVersion == 0 {
- config.ProtocolMinVersion = tls.VersionTLS11
+ config.ProtocolMinVersion = tls.VersionTLS12
 }
 if config.ProtocolMaxVersion == 0 {
 config.ProtocolMaxVersion = tls.VersionTLS12
diff --git a/caddytls/setup_test.go b/caddytls/setup_test.go
index b93b1fc5..a47d7172 100644
--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@@ -67,8 +67,8 @@ func TestSetupParseBasic(t *testing.T) {
 }
 // Security defaults
- if cfg.ProtocolMinVersion != tls.VersionTLS11 {
- t.Errorf("Expected 'tls1.1 (0x0302)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
+ if cfg.ProtocolMinVersion != tls.VersionTLS12 {
+ t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMinVersion, got %#v", cfg.ProtocolMinVersion)
 }
 if cfg.ProtocolMaxVersion != tls.VersionTLS12 {
 t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", cfg.ProtocolMaxVersion)
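Review bot: With the default minimum raised to `tls.VersionTLS12` in SetDefaultTLSParams, a caller that sets only `ProtocolMaxVersion` to something lower and leaves the minimum at zero ends up with a minimum above the maximum, and nothing in the visible lines rejects that range. The function continues outside the hunk, so a check may exist elsewhere; if it does not, the configuration path should fail with a clear error when min > max instead of leaving it to surface as handshake failures, and it should not lower the minimum silently to make the range valid. The comment above the assignment could also record the decision, for example `// Default minimum is TLS 1.2; older versions must be enabled explicitly.`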
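Review bot: The changed `t.Errorf` line in TestSetupParseBasic hard-codes `0x0303` in the message while printing the observed value with `%#v`, and the neighbouring max-version check prints with `%v`, so (assuming the field is an unsigned integer like the tls constants) a failing run reports expected and actual versions in different notations. Formatting both sides from the constant keeps the message in step with the assertion: `t.Errorf("Expected ProtocolMinVersion %#04x, got %#04x", tls.VersionTLS12, cfg.ProtocolMinVersion)`. If no other test covers it, a case that configures a lower minimum explicitly would confirm that the new default does not override a deliberate setting. The test's body starts and ends outside the hunk.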