From 691bc18dd0481fabd8b21e62b095eae6ff4babe1 Mon Sep 17 00:00:00 2001
From: Jiahao XU <Jiahao_XU@outlook.com>
Date: Thu, 23 Jun 2022 13:03:50 +1000
Subject: [PATCH] Set min TLS ver to 1.2 for https only mode

Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---
 src/helpers.rs | 4 ++++
 src/main.rs    | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/helpers.rs b/src/helpers.rs
index 6be1df71..03bf97c9 100644
--- a/src/helpers.rs
+++ b/src/helpers.rs
@@ -53,6 +53,10 @@ pub fn new_reqwest_client_builder() -> ClientBuilder {
     if let Some((https_only, min_tls_ver_opt)) = REQWESTGLOBALCONFIG.get() {
         builder = builder.https_only(*https_only);
 
+        if *https_only {
+            builder = builder.min_tls_version(reqwest::tls::Version::TLS_1_2);
+        }
+
         if let Some(min_tls_ver) = *min_tls_ver_opt {
             builder = builder.min_tls_version(min_tls_ver.into());
         }
diff --git a/src/main.rs b/src/main.rs
index 10b9f034..5b2294ac 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -84,7 +84,10 @@ struct Options {
     #[clap(long)]
     no_cleanup: bool,
 
-    /// Enable https only mode
+    /// Enable https only mode.
+    ///
+    /// When https only mode is enabled, it will also set
+    /// minimum TLS version to tls1_2.
     #[clap(long)]
     https_only_mode: bool,