TLS 1.0 and 1.1 are being deprecated by various parties due to vulnerabilities. For some background see draft-ietf-tls-oldversions-deprecate-00.
drone-server still uses these versions.
I think this should be disabled, or at least there should be an option/env variable to disable them. What do you guys think about that?
Ideally both TLS versions and supported ciphers should be configurable, the same way that OpenSSL et al. configures with a nice big long confusing string.