From 3ff6036346703bd04994c87c2dc4e86fe8d5df44 Mon Sep 17 00:00:00 2001
From: EuAndreh <eu@euandre.org>
Date: Thu, 9 May 2024 11:26:55 -0300
Subject: system.scm: Stick to TLSv1.3 only

---
 src/infrastructure/guix/system.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm
index ab44194..5ff5e37 100644
--- a/src/infrastructure/guix/system.scm
+++ b/src/infrastructure/guix/system.scm
@@ -413,9 +413,7 @@
                          "#)))))
                (raw-content
                  '(#"-
-                     # BearSSL still doesn't TLSv1.3, so we deem TLSv1.2 as
-                     # acceptable
-                     ssl_protocols TLSv1.2 TLSv1.3;
+                     ssl_protocols TLSv1.3;
                      ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
                      ssl_prefer_server_ciphers on;
                      gzip off;  # Disable compression altogether due to BREACH
-- 
cgit v1.2.3