From 69451fe969bfadb779bed4eecc46f604800bdd0d Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu, 12 Dec 2024 19:07:55 +0000
Subject: [PATCH] Specify TLS 1.2-TLS 1.3 supported range for client
 connections

Should fix #1208.
---
 src/core/link_quic.go  | 2 ++
 src/core/link_socks.go | 2 ++
 src/core/link_tls.go   | 2 ++
 src/core/link_wss.go   | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/src/core/link_quic.go b/src/core/link_quic.go
index ffb69a6d..d23ab184 100644
--- a/src/core/link_quic.go
+++ b/src/core/link_quic.go
@@ -54,6 +54,8 @@ func (l *linkQUIC) dial(ctx context.Context, url *url.URL, info linkInfo, option
 	tlsconfig := l.tlsconfig.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		hostport := net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port))
 		qc, err := quic.DialAddr(ctx, hostport, l.tlsconfig, l.quicconfig)
 		if err != nil {
diff --git a/src/core/link_socks.go b/src/core/link_socks.go
index f33cd190..495c8233 100644
--- a/src/core/link_socks.go
+++ b/src/core/link_socks.go
@@ -51,6 +51,8 @@ func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options
 		}
 		if url.Scheme == "sockstls" {
 			tlsconfig.ServerName = hostname
+			tlsconfig.MinVersion = tls.VersionTLS12
+			tlsconfig.MaxVersion = tls.VersionTLS13
 			if sni := options.tlsSNI; sni != "" {
 				tlsconfig.ServerName = sni
 			}
diff --git a/src/core/link_tls.go b/src/core/link_tls.go
index da3c7791..55da8597 100644
--- a/src/core/link_tls.go
+++ b/src/core/link_tls.go
@@ -35,6 +35,8 @@ func (l *linkTLS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	tlsconfig := l.config.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		if sni := options.tlsSNI; sni != "" {
 			tlsconfig.ServerName = sni
 		}
diff --git a/src/core/link_wss.go b/src/core/link_wss.go
index 1a8d571f..1d618324 100644
--- a/src/core/link_wss.go
+++ b/src/core/link_wss.go
@@ -34,6 +34,8 @@ func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	tlsconfig := l.tlsconfig.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		u := *url
 		u.Host = net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port))
 		addr := &net.TCPAddr{