From e23eafd0494e08da87871ebd9fa99d86e3efae4e Mon Sep 17 00:00:00 2001
From: Brian Bulkowski <brian@bulkowski.org>
Date: Sun, 1 Mar 2020 11:21:10 -0800
Subject: [PATCH] Shouldn't be using such old TLS versions. Glad they put in
 options for this. Really want 1.3 only but not clear if disabling 1.2 means
 1.3 can still run. Not using it at this point anyway, just came up when
 reviewing all options for other reasons.

---
 sdkconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdkconfig b/sdkconfig
index 34a7e21..df939d9 100644
--- a/sdkconfig
+++ b/sdkconfig
@@ -410,8 +410,8 @@ CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA=y
 CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA=y
 CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
 # CONFIG_MBEDTLS_SSL_PROTO_SSL3 is not set
-CONFIG_MBEDTLS_SSL_PROTO_TLS1=y
-CONFIG_MBEDTLS_SSL_PROTO_TLS1_1=y
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 is not set
 CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
 # CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set
 CONFIG_MBEDTLS_SSL_ALPN=y