From 7814e870a79cc19b65c664dfdccc778d762c3d58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Oliveirinha?= <joliveirinha@cloudflare.com>
Date: Mon, 3 Jan 2022 12:21:04 +0000
Subject: [PATCH] TUN-5612: Add support for specifying TLS min/max version

---
 tlsconfig/tlsconfig.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tlsconfig/tlsconfig.go b/tlsconfig/tlsconfig.go
index 32090785..7b368d3d 100644
--- a/tlsconfig/tlsconfig.go
+++ b/tlsconfig/tlsconfig.go
@@ -19,6 +19,8 @@ type TLSParameters struct {
 	RootCAs          []string
 	ServerName       string
 	CurvePreferences []tls.CurveID
+	minVersion       uint16 // min tls version. If zero, TLS1.0 is defined as minimum.
+	maxVersion       uint16 // max tls version. If zero, last TLS version is used defined as limit (currently TLS1.3)
 }
 
 // GetConfig returns a TLS configuration according to the Config set by the user.
@@ -72,6 +74,9 @@ func GetConfig(p *TLSParameters) (*tls.Config, error) {
 		tlsconfig.CurvePreferences = []tls.CurveID{tls.CurveP256}
 	}
 
+	tlsconfig.MinVersion = p.minVersion
+	tlsconfig.MaxVersion = p.maxVersion
+
 	return tlsconfig, nil
 }