Adding tls-version-min

[peterbeck]

Hey there,

I am a longtime user of this module. But I've used quiet an old version so I did an upgrade, as so much was added / changed. Most of my servers are still running with Debian Jessie (8.x, soon to be upgraded).

It seems I can't connect with the current defaults - getting following message

SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

when commenting tls-cipher in the server- and client config, it does work, but of course this is not what I intend to do.

But when adding tls-version-min on the server config, it seems to work flawless again

tls-version-min 1.2

Could we add these options for the server config ? Shall I create a pull request with that addition ?
As this is also recommended in the hardening manual, I think this would be reasonable.

Regards
Peter

[bastelfreak]

Hi @peterbeck, thanks for this issue. Can you provide a PR for this?

[peterbeck]

Hi @bastelfreak, of course, will do tomorrow. What do you think, defaults to an empty string / unset, so that existing deployments aren't impaired ?

[peterbeck]

I've made a pull request - hope I've done it the right way ;-)