From 13ab20037268c1107a396935ca76086de2794ae3 Mon Sep 17 00:00:00 2001
From: Vlad Lipskiy <vlad.lipskiy@enfocus.com>
Date: Fri, 2 Apr 2021 18:01:44 +0300
Subject: [PATCH] Enables TLS 1.3 support in server_https.

---
 server_https.hpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server_https.hpp b/server_https.hpp
index 48ae673..c563078 100644
--- a/server_https.hpp
+++ b/server_https.hpp
@@ -28,7 +28,11 @@ namespace SimpleWeb {
      * @param verify_file        If non-empty, use this certificate authority file to perform verification of client's certificate and hostname according to RFC 2818.
      */
     Server(const std::string &certification_file, const std::string &private_key_file, const std::string &verify_file = std::string())
-        : ServerBase<HTTPS>::ServerBase(443), context(asio::ssl::context::tlsv12) {
+        : ServerBase<HTTPS>::ServerBase(443), context(asio::ssl::context::tls_server) {
+      // Disabling TLS 1.0 and 1.1 (see RFC 8996)
+      context.set_options(asio::ssl::context::no_tlsv1);
+      context.set_options(asio::ssl::context::no_tlsv1_1);
+
       context.use_certificate_chain_file(certification_file);
       context.use_private_key_file(private_key_file, asio::ssl::context::pem);