From 0a551619c90ad3b07cbd12b50155c0a7cb746865 Mon Sep 17 00:00:00 2001
From: NFM-8 <>
Date: Mon, 7 Oct 2019 14:55:34 +0300
Subject: [PATCH] Do not allow TLS versions less than 1.2 in DoH client

---
 tunneldns/https_upstream.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tunneldns/https_upstream.go b/tunneldns/https_upstream.go
index ac9b60ec..7d48c912 100644
--- a/tunneldns/https_upstream.go
+++ b/tunneldns/https_upstream.go
@@ -34,7 +34,7 @@ func NewUpstreamHTTPS(endpoint string) (Upstream, error) {
 	}
 
 	// Update TLS and HTTP client configuration
-	tls := &tls.Config{ServerName: u.Hostname()}
+	tls := &tls.Config{ServerName: u.Hostname() MinVersion: tls.VersionTLS12}
 	transport := &http.Transport{
 		TLSClientConfig:    tls,
 		DisableCompression: true,