From 3ec5d693425343a660415c2ca9ee91f49a1a47ad Mon Sep 17 00:00:00 2001
From: Brian Wood <woodbe@google.com>
Date: Thu, 8 Dec 2022 10:07:09 -0500
Subject: [PATCH] Explicitly preclude earlier than TLS 1.2

The current text would preclude supporting any updates to 1.2, 1.3 or future releases without an update to the Package. This explicitly precludes the use of anything older than 1.2 but would still allow support for future versions without causing problems that may require special operating modes to block certain functions (and potentially break a lot of access).
---
 input/tls.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/input/tls.xml b/input/tls.xml
index 3f08172..73319a8 100644
--- a/input/tls.xml
+++ b/input/tls.xml
@@ -327,7 +327,7 @@
                 <selectable id="tlsc_downgrade_protection">supplemental downgrade protection</selectable>
                 <selectable id="tlsc_resumption">session resumption</selectable>
                 <selectable>no optional functionality</selectable></selectables>
-              and shall abort attempts by a server to negotiate all other TLS or SSL versions. 
+              and shall abort attempts by a server to negotiate any TLS or SSL version prior to TLS 1.2 (RFC 5246). 
             </title>
             <note role="application">
               <h:p>