From dcd5c5bb7301e675556412100d7dad07bf49195a Mon Sep 17 00:00:00 2001
From: Malte Janduda
Date: Tue, 10 Jan 2017 21:48:15 +0100
Subject: [PATCH 1/2] Example 10_openssl_server should use TLSv1.2 instead of SSLv3; fixed corrupted HTTP Header
---
 examples/protocols/openssl_server/main/openssl_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/protocols/openssl_server/main/openssl_server.c b/examples/protocols/openssl_server/main/openssl_server.c
index 1eea2110cee..7569124f7f4 100755
--- a/examples/protocols/openssl_server/main/openssl_server.c
+++ b/examples/protocols/openssl_server/main/openssl_server.c
@@ -37,7 +37,7 @@ const static char *TAG = "Openssl_demo";
 #define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
 "Content-Type: text/html\r\n" \
- "Content-Length: 98\r\n" \
+ "Content-Length: 98\r\n\r\n" \
 "\r\n" \
 "\r\n" \
 "OpenSSL demo\r\n" \
@@ -71,7 +71,7 @@ static void openssl_demo_thread(void *p)
 const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
 ESP_LOGI(TAG, "SSL server context create ......");
- ctx = SSL_CTX_new(TLS_server_method());
+ ctx = SSL_CTX_new(TLSv1_2_server_method());
 if (!ctx) {
 ESP_LOGI(TAG, "failed");
 goto failed1;
From 39c546d63f23725ab724d99ddcb3e2f31fbb89f8 Mon Sep 17 00:00:00 2001
From: Angus Gratton
Date: Wed, 15 Feb 2017 17:18:01 +1100
Subject: [PATCH 2/2] openssl_server example: Roll back to TLS_server_method() for compatibility
Add a comment recommending TLS v1.2.
---
 examples/protocols/openssl_server/main/openssl_server.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/examples/protocols/openssl_server/main/openssl_server.c b/examples/protocols/openssl_server/main/openssl_server.c
index 7569124f7f4..c74bb0e41f6 100755
--- a/examples/protocols/openssl_server/main/openssl_server.c
+++ b/examples/protocols/openssl_server/main/openssl_server.c
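Review bot: `Content-Length: 98` is left as is while the added `\r\n` moves the end-of-headers boundary, so the byte range a client counts as the body is no longer what it was before the change, and nothing in the hunk shows that 98 was recomputed for the new layout (the remainder of the literal, whose HTML tags this rendering appears to have dropped, lies outside the hunk). A Content-Length that does not match the body makes browsers either truncate the page or hang waiting for bytes that never arrive, which presents exactly like the header corruption this commit sets out to fix. The length can be kept honest at compile time by moving the body into its own macro (say `OPENSSL_DEMO_SERVER_BODY`) and adding `_Static_assert(sizeof(OPENSSL_DEMO_SERVER_BODY) - 1 == 98, "Content-Length out of sync with body");` next to the define. The `#define` continues past the end of the hunk.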
@@ -71,7 +71,11 @@ static void openssl_demo_thread(void *p)
 const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
 ESP_LOGI(TAG, "SSL server context create ......");
- ctx = SSL_CTX_new(TLSv1_2_server_method());
+ /* For security reasons, it is best if you can use
+ TLSv1_2_server_method() here instead of TLS_server_method().
+ However some old browsers may not support TLS v1.2.
+ */
+ ctx = SSL_CTX_new(TLS_server_method());
 if (!ctx) {
 ESP_LOGI(TAG, "failed");
 goto failed1;
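Review bot: The rolled-back `SSL_CTX_new(TLS_server_method())` leaves the accepted protocol floor at whatever the library default is, so the new comment's recommendation changes nothing about what the shipped example will negotiate; the hunk sets no minimum version at all. In upstream OpenSSL the intended pairing is the generic method followed by `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` directly after the `SSL_CTX_new` call, which keeps negotiation open above the floor without the version-locked `TLSv1_2_server_method()` that OpenSSL 1.1.0 deprecates — whether ESP-IDF's OpenSSL compatibility layer implements that call is not visible here and should be checked before relying on it. If it does not, the comment should at least state which protocol versions the default method accepts on this platform, so a reader knows what the "compatibility" choice admits. openssl_demo_thread begins before and continues past this hunk.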