From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Fri, 15 Jun 2018 15:26:36 +0000 (-0400)
Subject: Mirror TLS changes from master.
X-Git-Tag: v2.2.9~52
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fcups.git;a=commitdiff_plain;h=91f20f169538d87a166c0cc900beb0d908f7092a

Mirror TLS changes from master.
---

diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index 9aa316bf4..c4f0ccb24 100644
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -1228,14 +1228,16 @@ _httpTLSStart(http_t *http)		/* I - HTTP connection */
       kTLSProtocol1,
       kTLSProtocol11,
       kTLSProtocol12,
-      kTLSProtocol12, /* TODO: update to 1.3 when 1.3 is supported */
-      kTLSProtocol12  /* TODO: update to 1.3 when 1.3 is supported */
+      kTLSProtocol13
     };
 
-    error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
-    DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    if (tls_min_version < _HTTP_TLS_MAX)
+    {
+      error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
+      DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    }
 
-    if (!error)
+    if (!error && tls_max_version < _HTTP_TLS_MAX)
     {
       error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]);
       DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error));