commit 0d8ca45a28a97215c20fdc13c13f764cb571ad7c
from: Omar Polo <op@omarpolo.com>
date: Sat Oct 03 10:24:14 2020 UTC

explicitly require TLS 1.2 or 1.3

it's the default, but just in case (since gemini spec explicitly talks
about 1.3 as "default" and 1.2 for ease of implementation)

commit - 3e45af4d4f0518678ced2203fdee6267c98fb634
commit + 0d8ca45a28a97215c20fdc13c13f764cb571ad7c
blob - b7db8b9d8d61e6d11bbdc113c406ad21f1dba133
blob + 394dd9a50a3f2b4696417147fea60e967ba0105c
--- gmid.c
+++ gmid.c
@@ -390,6 +390,10 @@ main(int argc, char **argv)
 
 	if ((conf = tls_config_new()) == NULL)
 		err(1, "tls_config_new");
+
+	if (tls_config_set_protocols(conf,
+	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
+		err(1, "tls_config_set_protocols");
 
 	if ((m = tls_load_file(cert, &mlen, NULL)) == NULL)
 		err(1, "tls_load_file: %s", cert);