From 0ef729a9735ca7739b49b7e72fc9f0cb6ba7aa8c Mon Sep 17 00:00:00 2001
From: Sebastian Schreiber <sebastian.schreiber@jtl-software.com>
Date: Wed, 13 Jul 2022 11:56:02 +0200
Subject: [PATCH] Allow usage of future security protocols (e.g. TLS 1.3) for
 the update source

---
 src/Squirrel/Utility.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/Squirrel/Utility.cs b/src/Squirrel/Utility.cs
index e843f5f2b..a5b7048e7 100644
--- a/src/Squirrel/Utility.cs
+++ b/src/Squirrel/Utility.cs
@@ -104,8 +104,15 @@ public static string CalculateStreamSHA1(Stream file)
 
         public static WebClient CreateWebClient()
         {
-            // WHY DOESNT IT JUST DO THISSSSSSSS
-            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
+            // enable TLS support
+            // TLS 1.0 and 1.1 are enabled for backward compatibility and should be disabled in the future
+            // for security reasons
+            ServicePointManager.SecurityProtocol |=
+                SecurityProtocolType.Tls12 |
+                SecurityProtocolType.Tls11 |
+                SecurityProtocolType.Tls;
+            // disable SSLv3 support for security reasons
+            ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
 
             var ret = new WebClient();
             var wp = WebRequest.DefaultWebProxy;