From 537cc776542dc09026224ca66ef6b37ad1173518 Mon Sep 17 00:00:00 2001
From: lawnjelly <lawnjelly@gmail.com>
Date: Mon, 6 Oct 2025 09:52:10 +0100
Subject: [PATCH] Default tlsv1.3 to false in Project / EditorSettings

---
 doc/classes/ProjectSettings.xml    | 2 +-
 editor/editor_settings.cpp         | 2 +-
 modules/mbedtls/register_types.cpp | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/classes/ProjectSettings.xml b/doc/classes/ProjectSettings.xml
index 9b70bab6bf1..ec35a2740b3 100644
--- a/doc/classes/ProjectSettings.xml
+++ b/doc/classes/ProjectSettings.xml
@@ -1312,7 +1312,7 @@
 			The CA certificates bundle to use for SSL connections. If this is set to a non-empty value, this will [i]override[/i] Godot's default [url=https://github.com/godotengine/godot/blob/master/thirdparty/certs/ca-certificates.crt]Mozilla certificate bundle[/url]. If left empty, the default certificate bundle will be used.
 			If in doubt, leave this setting empty.
 		</member>
-		<member name="network/ssl/enable_tls_v1.3" type="bool" setter="" getter="" default="true">
+		<member name="network/ssl/enable_tls_v1.3" type="bool" setter="" getter="" default="false">
 			If [code]true[/code], enable TLSv1.3 negotiation.
 			[b]Note:[/b] Only supported when using Mbed TLS 3.0 or later (Linux distribution packages may be compiled against older system Mbed TLS packages), otherwise the maximum supported TLS version is always TLSv1.2.
 		</member>
diff --git a/editor/editor_settings.cpp b/editor/editor_settings.cpp
index 456229f2cf1..5603dba1f08 100644
--- a/editor/editor_settings.cpp
+++ b/editor/editor_settings.cpp
@@ -677,7 +677,7 @@ void EditorSettings::_load_defaults(Ref<ConfigFile> p_extra_config) {
 	// SSL
 	_initial_set("network/ssl/editor_ssl_certificates", _SYSTEM_CERTS_PATH);
 	hints["network/ssl/editor_ssl_certificates"] = PropertyInfo(Variant::STRING, "network/ssl/editor_ssl_certificates", PROPERTY_HINT_GLOBAL_FILE, "*.crt,*.pem", PROPERTY_USAGE_DEFAULT | PROPERTY_USAGE_RESTART_IF_CHANGED);
-	_initial_set("network/ssl/enable_tls_v1.3", true);
+	_initial_set("network/ssl/enable_tls_v1.3", false);
 
 	// HTTP Proxy
 	_initial_set("network/http_proxy/host", "");
diff --git a/modules/mbedtls/register_types.cpp b/modules/mbedtls/register_types.cpp
index 5d0b1be77ec..8e85db9080f 100644
--- a/modules/mbedtls/register_types.cpp
+++ b/modules/mbedtls/register_types.cpp
@@ -73,7 +73,7 @@ int godot_mbedtls_mutex_unlock(mbedtls_threading_mutex_t *p_mutex) {
 #endif
 
 void register_mbedtls_types() {
-	GLOBAL_DEF("network/ssl/enable_tls_v1.3", true);
+	GLOBAL_DEF("network/ssl/enable_tls_v1.3", false);
 
 #ifdef GODOT_MBEDTLS_THREADING_ALT
 	mbedtls_threading_set_alt(