If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults.
github.com/advisories/GHSA-h289-x5wc-xcv8
github.com/mellium/xmpp/security/advisories/GHSA-h289-x5wc-xcv8