fix: tls version limit for rustls (#2203)

seanmonstar · Mar 23, 2024 · 04bf45f · 04bf45f
1 parent 056f8c4
commit 04bf45f
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs
@@ -551,9 +551,14 @@ impl ClientBuilder {
                         });
                     }
 
+                    if versions.is_empty() {
+                        return Err(crate::error::builder("empty supported tls versions"));
+                    }
+
                     // Build TLS config
                     let config_builder =
-                        rustls::ClientConfig::builder().with_root_certificates(root_cert_store);
+                        rustls::ClientConfig::builder_with_protocol_versions(&versions)
+                            .with_root_certificates(root_cert_store);
 
                     // Finalize TLS config
                     let mut tls = if let Some(id) = config.identity {
@@ -1475,6 +1480,9 @@ impl ClientBuilder {
     /// isn't supported, just that it can't be set as a maximum due to
     /// technical limitations.
     ///
+    /// Cannot set a maximum outside the protocol versions supported by
+    /// `rustls` with the `rustls-tls` backend.
+    ///
     /// # Optional
     ///
     /// This requires the optional `default-tls`, `native-tls`, or `rustls-tls(-...)`