openssl_server example: Roll back to TLS_server_method() for compatib…

…ility Add a comment recommending TLS v1.2.
espressif · Feb 15, 2017 · 39c546d · 39c546d
1 parent dcd5c5b
commit 39c546d
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/examples/protocols/openssl_server/main/openssl_server.c b/examples/protocols/openssl_server/main/openssl_server.c
@@ -71,7 +71,11 @@ static void openssl_demo_thread(void *p)
     const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;   
 
     ESP_LOGI(TAG, "SSL server context create ......");
-    ctx = SSL_CTX_new(TLSv1_2_server_method());
+    /* For security reasons, it is best if you can use
+       TLSv1_2_server_method() here instead of TLS_server_method().
+       However some old browsers may not support TLS v1.2.
+    */
+    ctx = SSL_CTX_new(TLS_server_method());
     if (!ctx) {
         ESP_LOGI(TAG, "failed");
         goto failed1;