From e36bfbbb7d9efb4f2efbe50f2d356b0472553451 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 7 Jan 2026 00:48:04 +0000
Subject: [PATCH 1/3] Initial plan


From efdc23515fe9d91e3721115b3bb04d1b0e69e200 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 7 Jan 2026 00:50:12 +0000
Subject: [PATCH 2/3] Split audit jobs and add legacy rules for TLS 1.0 support

Co-authored-by: s01ipsist <13267+s01ipsist@users.noreply.github.com>
---
 .github/workflows/audit.yml | 35 ++++++++++++++++++++++++++++++++---
 .testssl-rules-legacy.json  |  6 ++++++
 2 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 .testssl-rules-legacy.json

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 1142231..521105e 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -13,14 +13,13 @@ on:
       - main
 
 jobs:
-  ssl:
+  ssl-standard:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         uri:
           - 'byond.cloud'
-          - 'ivc.byond.pro'
           - 'gmctuat.opusxenta.com'
     steps:
       - name: Checkout
@@ -42,5 +41,35 @@ jobs:
         uses: actions/upload-artifact@v6
         if: always()
         with:
-          name: ssl-results-${{ strategy.job-index }}
+          name: ssl-results-standard-${{ strategy.job-index }}
+          path: testssl_results_*.json
+
+  ssl-legacy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        uri:
+          - 'ivc.byond.pro'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Test SSL/TLS for ${{ matrix.uri }}
+        uses: s01ipsist/test-ssl-action@main
+        with:
+          uri: ${{ matrix.uri }}
+
+      - name: Audit SSL Results
+        uses: s01ipsist/test-ssl-auditor-action@v1
+        with:
+          results-path: 'testssl_results_*.json'
+          rules-config: '.testssl-rules-legacy.json'
+          fail-on-violation: 'true'
+
+      - name: Upload results
+        uses: actions/upload-artifact@v6
+        if: always()
+        with:
+          name: ssl-results-legacy-${{ strategy.job-index }}
           path: testssl_results_*.json
diff --git a/.testssl-rules-legacy.json b/.testssl-rules-legacy.json
new file mode 100644
index 0000000..bada70c
--- /dev/null
+++ b/.testssl-rules-legacy.json
@@ -0,0 +1,6 @@
+{
+  "rules": {
+    "maxCertificateExpiry": 14,
+    "minGrade": "B"
+  }
+}

From 6df6bab485fc7f2dc118a00f5b6bbfd49e7d6bb4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 7 Jan 2026 00:51:31 +0000
Subject: [PATCH 3/3] Add explicit permissions to workflow for security

Co-authored-by: s01ipsist <13267+s01ipsist@users.noreply.github.com>
---
 .github/workflows/audit.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 521105e..c571de6 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -12,6 +12,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   ssl-standard:
     runs-on: ubuntu-latest