From d15c9d0ee677e9360e82b4f72c62e4d7b11b9279 Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)" <jmp@safe.ca>
Date: Sat, 19 Jul 2025 16:11:16 -0400
Subject: [PATCH] Checking behavier using only TLS1_3_VERSION

---
 Makefile     | 2 +-
 lib/unitls.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f28a26d..4efc070 100644
--- a/Makefile
+++ b/Makefile
@@ -148,7 +148,7 @@ tlsref:
 			-cert certs/localhost-cert.pem			\
 			-key certs/localhost-key.pem			\
 			-starttls smtp					\
-			-connect tar1.osukiss.org:25
+			-connect $(TESTSRV):$(TESTPORT)	
 
 #			-connect mx2.free.fr:25
 #			-connect mailprod1.safe.ca:587
diff --git a/lib/unitls.c b/lib/unitls.c
index f61ac64..3d4b46a 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -295,6 +295,7 @@ while (proceed==true) {
       (void) SSL_CTX_set_purpose(tls->ctx,X509_PURPOSE_ANY);
       (void) SSL_CTX_set_verify_depth(tls->ctx,7);
       (void) SSL_CTX_set_options(tls->ctx,SSL_OP_ALL);
+      (void) SSL_CTX_set_min_proto_version(tls->ctx,TLS1_3_VERSION);
       (void) SSL_CTX_set_security_level(tls->ctx,seclevel);
       if (SSL_CTX_set_cipher_list(tls->ctx,cipher_list)==0) {
         (void) showtlserror(tls,0,"No cipher list");
-- 
2.47.3