From 4f9d1ea7c1b58b337293f483421b23df5b8baa39 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 18 Feb 2026 22:46:14 +0000
Subject: [PATCH] Set minimum TLS version to 1.2 for enhanced security

Explicitly configured ssl_context.minimum_version = TLSVersion.TLSv1_2
to ensure only secure TLS versions are used for syslog connections.

Co-authored-by: seanthegeek <44679+seanthegeek@users.noreply.github.com>
---
 parsedmarc/syslog.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/parsedmarc/syslog.py b/parsedmarc/syslog.py
index 2d1c4c0..d96e56b 100644
--- a/parsedmarc/syslog.py
+++ b/parsedmarc/syslog.py
@@ -108,9 +108,12 @@ class SyslogClient(object):
                         return handler
                     else:
                         # TLS protocol
-                        # Create SSL context
+                        # Create SSL context with secure defaults
                         ssl_context = ssl.create_default_context()
 
+                        # Explicitly set minimum TLS version to 1.2 for security
+                        ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
+
                         # Configure server certificate verification
                         if cafile_path:
                             ssl_context.load_verify_locations(cafile=cafile_path)