mickem / nscp

NSClient++
http://nsclient.org
GNU General Public License v2.0

Security feature request: option for disabling deprecated TLS 1.1 #692

Open Ysincit opened 4 years ago

Ysincit commented 4 years ago

Hello, I see you already use at least boost 1.58.0, so no_tlsv1_1 is available, and enhancing socket_helpers.cpp from

        if (key == "no-tlsv1")
            opts |= boost::asio::ssl::context::no_tlsv1;

to

        if (key == "no-tlsv1")
            opts |= boost::asio::ssl::context::no_tlsv1;
        if (key == "no-tlsv1.1")
            opts |= boost::asio::ssl::context::no_tlsv1_1;

should be possible.

Have a nice day!

uSlackr commented 3 years ago

We have this issue as well. For us it is in NRPD. But the NRPE client seems to have an issue too.

Carlos-Byte-Sys commented 1 year ago

Good day @mickem. For some months many vulnerability scanners have shown TLS 1.1 as deprecated (https://www.tenable.com/plugins/nessus/157288). That affects a lot of companies using Nsclient, as it can only be configured to "not_use" TLS 1.0 (as stated above).

Please implement the option from the previous messages, as we understand that the library supports disabling TLS 1 through TLS 1.3: https://think-async.com/Asio/boost_asio_1_18_0/doc/html/boost_asio/reference/ssl__context.html

Thanks in advance.
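As an added illustration (not NSClient++ code or the project's own Boost.Asio patch), the "no-tlsv1" / "no-tlsv1.1" key mapping proposed above, extended to TLS 1.2/1.3 as the last comment notes the library allows, modelled with Python's standard ssl module instead of boost::asio::ssl::context options. The extra keys, the gap check and the function names are our own assumptions; the point it adds is that disabling TLS 1.1 while leaving TLS 1.0 enabled is an ineffective setting that a config parser can flag.

```python
"""Model of the proposed 'no-tlsvX' configuration keys using the standard ssl module.

Constructed example: the key names "no-tlsv1" and "no-tlsv1.1" come from the issue,
"no-tlsv1.2" / "no-tlsv1.3" are added here for completeness.
"""
import ssl

# Configuration key -> protocol version it disables (mapping constructed for this example).
KEY_TO_VERSION = {
    "no-tlsv1": ssl.TLSVersion.TLSv1,
    "no-tlsv1.1": ssl.TLSVersion.TLSv1_1,
    "no-tlsv1.2": ssl.TLSVersion.TLSv1_2,
    "no-tlsv1.3": ssl.TLSVersion.TLSv1_3,
}

# Versions from oldest to newest; TLSVersion is an IntEnum, so ordering comparisons work.
ORDERED_VERSIONS = sorted(KEY_TO_VERSION.values())


def disabled_versions(keys):
    """Translate option keys into the set of versions they switch off; reject typos loudly."""
    disabled = set()
    for key in keys:
        if key not in KEY_TO_VERSION:
            raise ValueError(f"unknown protocol option: {key!r}")
        disabled.add(KEY_TO_VERSION[key])
    return disabled


def minimum_version(keys):
    """Lowest version still enabled: what a min/max-style API has to be set to."""
    disabled = disabled_versions(keys)
    for version in ORDERED_VERSIONS:
        if version not in disabled:
            return version
    raise ValueError("every protocol version is disabled; nothing could connect")


def gaps(keys):
    """Versions disabled while an older, weaker version stays enabled (hardening with no effect)."""
    disabled = disabled_versions(keys)
    lowest_enabled = minimum_version(keys)
    return sorted(v for v in disabled if v > lowest_enabled)


def build_server_context(keys, certfile=None, keyfile=None):
    """Server-side SSLContext honouring the keys; refuses a configuration that leaves gaps."""
    if gaps(keys):
        raise ValueError(f"ineffective protocol options, older versions still enabled: {gaps(keys)}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = minimum_version(keys)  # replaces the deprecated OP_NO_TLSv1* flags
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx
```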