Don't set maximum TLS version unless it is <max. Support TLS 1.3.
authorMichael R Sweet <michael.r.sweet@gmail.com>
Fri, 15 Jun 2018 15:26:16 +0000 (11:26 -0400)
committerMichael R Sweet <michael.r.sweet@gmail.com>
Fri, 15 Jun 2018 15:26:16 +0000 (11:26 -0400)
cups/tls-darwin.c

index 3e3a95daa8f653d7dea7d5512db4592ede5191db..e8c448081d173d109a6b29a124ae333bfbe46331 100644 (file)
@@ -1283,14 +1283,16 @@ _httpTLSStart(http_t *http)             /* I - HTTP connection */
       kTLSProtocol1,
       kTLSProtocol11,
       kTLSProtocol12,
-      kTLSProtocol12, /* TODO: update to 1.3 when 1.3 is supported */
-      kTLSProtocol12  /* TODO: update to 1.3 when 1.3 is supported */
+      kTLSProtocol13
     };
 
-    error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
-    DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    if (tls_min_version < _HTTP_TLS_MAX)
+    {
+      error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
+      DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
+    }
 
-    if (!error)
+    if (!error && tls_max_version < _HTTP_TLS_MAX)
     {
       error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]);
       DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error));
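Review bot: The new `if (tls_min_version < _HTTP_TLS_MAX)` guard skips the SSLSetProtocolVersionMin call entirely when the configured minimum equals `_HTTP_TLS_MAX`, so in that case no floor is applied and the connection presumably negotiates with Secure Transport's default minimum rather than the newest version in the table. Whether a minimum of `_HTTP_TLS_MAX` can reach this point is decided outside the hunk; if it can, clamping is safer than skipping, e.g. `error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version < _HTTP_TLS_MAX ? tls_min_version : _HTTP_TLS_MAX - 1]);`, assuming `_HTTP_TLS_MAX - 1` indexes the last entry. These two comparisons are also the only thing keeping the index inside `protocols[]`, whose declaration starts above the hunk, so the coupling deserves a comment at the array such as `/* One entry per _HTTP_TLS_xxx value below _HTTP_TLS_MAX; _HTTP_TLS_MAX itself means "no explicit limit" */`. With the minimum call now conditional, `!error` on the maximum path can read a value assigned before the hunk, which is worth confirming is always initialised there.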