ramsayleung / rspotify

Spotify Web API SDK implemented on Rust
MIT License

security: Disable TLS1.0/1.1 for ureq-native-tls #476

Closed Property404 closed 4 months ago

Property404 commented 5 months ago

Description

Explicitly opt out of old TLS versions when using the ureq-native-tls feature. Rust-native-tls enables these outdated TLS versions by default.

Motivation and Context

TLS 1.0 and 1.1 have been deprecated since 2021. Enabling TLS 1.0/1.1 has the possibility (albeit a low one) of introducing a security vulnerability. All modern clients and servers have supported 1.2 for years, so this should be an issue.

Dependencies

None

Type of change

How has this been tested?

Locally only, through cargo-test and cargo-clippy

Is this change properly documented?

Added a short comment explaining reasoning
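
What a TLS 1.2 floor means at the wire level, as an added example that is not part of this pull request or of rspotify: a std-only check that reads the version a ServerHello negotiates and refuses anything below 1.2. The names `MIN_TLS`, `negotiated_version`, `violates_floor` and `sample_server_hello` are hypothetical, and the sample records are constructed.

```rust
// Added illustration, not rspotify code; all names here are hypothetical.
const MIN_TLS: u16 = 0x0303; // TLS 1.2 on the wire (1.0 = 0x0301, 1.1 = 0x0302)
fn be16(b: &[u8], i: usize) -> Option<u16> {
    Some(u16::from_be_bytes([*b.get(i)?, *b.get(i + 1)?]))
}

/// Version a ServerHello record negotiates: supported_versions (TLS 1.3) if present, else legacy_version.
fn negotiated_version(rec: &[u8]) -> Option<u16> {
    if *rec.first()? != 0x16 { return None; } // record type: handshake
    let body = rec.get(5..5 + be16(rec, 3)? as usize)?;
    if *body.first()? != 0x02 { return None; } // handshake type: ServerHello
    let hs_len = ((*body.get(1)? as usize) << 16) | be16(body, 2)? as usize;
    let sh = body.get(4..4 + hs_len)?;
    let legacy = be16(sh, 0)?;
    // Skip legacy_version + random (34), session_id, cipher suite (2), compression (1).
    let p = 34 + 1 + *sh.get(34)? as usize + 3;
    if p == sh.len() { return Some(legacy); } // no extensions block
    let exts = sh.get(p + 2..p + 2 + be16(sh, p)? as usize)?;
    let mut i = 0;
    while i < exts.len() {
        let (ty, len) = (be16(exts, i)?, be16(exts, i + 2)? as usize);
        let data = exts.get(i + 4..i + 4 + len)?;
        if ty == 0x002b && len == 2 { return be16(data, 0); }
        i += 4 + len;
    }
    Some(legacy)
}

/// Refuse anything below the floor, and anything that does not parse.
fn violates_floor(rec: &[u8]) -> bool {
    negotiated_version(rec).map_or(true, |v| v < MIN_TLS)
}

/// Constructed sample input: a minimal ServerHello record.
fn sample_server_hello(legacy: u16, selected: Option<u16>) -> Vec<u8> {
    let mut sh = legacy.to_be_bytes().to_vec();
    sh.extend_from_slice(&[0u8; 33]); // random + empty session_id
    sh.extend_from_slice(&[0xc0, 0x2f, 0x00]); // cipher suite, null compression
    if let Some(v) = selected {
        sh.extend_from_slice(&[0, 6, 0, 0x2b, 0, 2, (v >> 8) as u8, v as u8]);
    }
    let n = sh.len() as u8; // 38 or 46 bytes
    let mut rec = vec![0x16, 3, 3, 0, n + 4, 0x02, 0, 0, n];
    rec.extend_from_slice(&sh);
    rec
}

fn main() {
    println!("TLS 1.0 refused: {}", violates_floor(&sample_server_hello(0x0301, None)));
}
```

Treating an unparseable record as a violation keeps the check fail-closed, so a truncated or malformed handshake cannot slip past the floor.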

ramsayleung commented 4 months ago

Thanks for your contribution :)