From bbe7dff25748455852128196fd7ce4fee0b4e60f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 31 Dec 2018 16:13:20 +0100
Subject: [PATCH] No TLS1.3 ciphers in cipher_list only when ...

SSL_set_ciphersuites in OpenSSL API.
---
 src/context.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/context.c b/src/context.c
index 1429d5e4..825d6309 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1468,7 +1468,12 @@ static char const * const _getdns_default_trust_anchors_verify_CA =
 static char const * const _getdns_default_trust_anchors_verify_email =
     "dnssec@iana.org";
 
+
 static char const * const _getdns_default_tls_cipher_list =
+#ifndef HAVE_SSL_CTX_SET_CIPHERSUITES
+    "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"
+    "TLS13-CHACHA20-POLY1305-SHA256:"
+#endif
     "EECDH+AESGCM:EECDH+CHACHA20";
 
 static char const * const _getdns_default_tls_ciphersuites =