--- /dev/null
+commit 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad
+Author: Frank Denis <github@pureftpd.org>
+Date: Wed Sep 19 23:53:45 2018 +0200
+
+ TLS1.3 compatibility
+
+ Fixes #94
+
+diff --git a/src/tls.c b/src/tls.c
+index c693d3b..f383ed9 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret)
+ if ((where & SSL_CB_HANDSHAKE_START) != 0) {
+ if ((cnx == tls_cnx && tls_cnx_handshook != 0) ||
+ (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) {
+- die(400, LOG_ERR, "TLS renegociation");
++ const SSL_CIPHER *cipher;
++ const char *cipher_version;
++ if ((cipher = SSL_get_current_cipher(cnx)) == NULL ||
++ (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) {
++ die(400, LOG_ERR, "No cipher");
++ }
++ if (strcmp(cipher_version, "TLSv1.3") != 0) {
++ die(400, LOG_ERR, "TLS renegociation");
++ return;
++ }
+ }
+ return;
+ }
+@@ -264,10 +273,10 @@ int tls_init_library(void)
+ OpenSSL_add_all_algorithms();
+ # else
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
++ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+- OPENSSL_INIT_ADD_ALL_DIGESTS |
+- OPENSSL_INIT_LOAD_CONFIG, NULL);
++ OPENSSL_INIT_ADD_ALL_DIGESTS |
++ OPENSSL_INIT_LOAD_CONFIG, NULL);
+ # endif
+ while (RAND_status() == 0) {
+ rnd = zrand();
+commit aa68b2d620ef0c83c7f52213c7e6093722b0b8bd
+Author: Frank Denis <github@pureftpd.org>
+Date: Wed Oct 24 19:19:26 2018 +0200
+
+ Disable TLSv1_1
+
+diff --git a/src/tls.c b/src/tls.c
+index f383ed9..c4e2a1b 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -297,7 +297,7 @@ int tls_init_library(void)
+ SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1);
+ # endif
+ # ifdef SSL_OP_NO_TLSv1_1
+- SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_1);
++ SSL_CTX_set_options(tls_ctx, SSL_OP_NO_TLSv1_1);
+ # endif
+ # ifdef SSL_OP_NO_TLSv1_2
+ SSL_CTX_clear_options(tls_ctx, SSL_OP_NO_TLSv1_2);