Question about TLS 1.2 support #144

@z-Fng

Hi, thanks for the project!

I noticed that xdebug.org only accepts TLS 1.3 connections and does not support TLS 1.1/1.2. Is it a deliberate security policy? Would it be possible to support TLS 1.2 as well?

PS> nmap --script ssl-enum-ciphers -p 443 xdebug.org
Starting Nmap 7.98 ( https://nmap.org ) at 2025-12-14
Nmap scan report for xdebug.org
Host is up (0.0020s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 4.75 seconds
PS> openssl s_client -connect xdebug.org:443 -tls1_2
CONNECTED(00000170)
B4110000:error:0A00042E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl\record\rec_layer_s3.c:916:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 208 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Protocol: TLSv1.2
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1766035426
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
B4110000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl\ssl_lib.c:2834:
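
Added example (not part of the original issue or of the project's code): a small Python decoder for the alert seen in the s_client output above. It maps "SSL alert number 70" to its RFC 8446 name and parses a constructed 7-byte alert record (5-byte record header plus 2-byte alert body), the size that matches "read 7 bytes"; the record bytes and the function names are assumptions.

```python
import re
import struct

# Alert descriptions from RFC 8446 section 6 (subset).
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 47: "illegal_parameter", 50: "decode_error",
    70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 86: "inappropriate_fallback",
}
LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def parse_alert_record(data: bytes) -> dict:
    """Decode one plaintext TLS alert record: 5-byte header + 2-byte body."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {ctype})")
    if length != 2 or len(data) != 5 + length:
        raise ValueError("alert body must be exactly 2 bytes")
    level, desc = data[5], data[6]
    return {
        "record_version": (major, minor),
        "level": LEVELS.get(level, f"unknown({level})"),
        "description": ALERTS.get(desc, f"unknown({desc})"),
    }


def alert_from_openssl(text: str):
    """Pull the alert number out of an OpenSSL error line and name it."""
    m = re.search(r"SSL alert number (\d+)", text)
    if m is None:
        return None
    code = int(m.group(1))
    return code, ALERTS.get(code, f"unknown({code})")


# Constructed sample: a fatal protocol_version alert. The record version
# bytes (03 03) are an assumption; the page only shows the 7-byte total.
SAMPLE_RECORD = bytes.fromhex("15030300020246")
# Error line shortened from the s_client output in the issue.
SAMPLE_ERROR = ("error:0A00042E:SSL routines:ssl3_read_bytes:"
                "tlsv1 alert protocol version:SSL alert number 70")

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE_RECORD))
    print(alert_from_openssl(SAMPLE_ERROR))
```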
