Mirror TLS changes from master.

diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index 9aa316bf456669bbef31d65fc1a3d5d58a2ab31e..c4f0ccb246eea698948ba24e38edb4ac2f6188b2 100644 (file)
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -1228,14 +1228,16 @@ _httpTLSStart(http_t *http)             /* I - HTTP connection */
       kTLSProtocol1,
       kTLSProtocol11,
       kTLSProtocol12,
       kTLSProtocol1,
       kTLSProtocol11,
       kTLSProtocol12,

-      kTLSProtocol12, /* TODO: update to 1.3 when 1.3 is supported */
-      kTLSProtocol12  /* TODO: update to 1.3 when 1.3 is supported */
+      kTLSProtocol13

     };
 
     };
 

-    error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
-    DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    if (tls_min_version < _HTTP_TLS_MAX)
+    {
+      error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
+      DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    }

 
 

-    if (!error)
+    if (!error && tls_max_version < _HTTP_TLS_MAX)

     {
       error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]);
       DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error));
     {
       error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]);
       DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error));