if tls_max_version isn't set, default to 1.2

even if we have 1.3.  Because we should only use 1.3 if the
admin explicitly enables it

diff --git a/src/main/tls.c b/src/main/tls.c
index 4fdede5d9694a9457307a226a641860751759234..f71c86476763907232b23ede429911d6dc3133ed 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -3787,7 +3787,7 @@ post_ca:
                 *      time.
                 */
 #if defined(TLS1_3_VERSION)
-               max_version = TLS1_3_VERSION;
+               max_version = TLS1_2_VERSION; /* yes, we only use TLS 1.3 if it's EXPLICITELY ENABLED */
 #elif defined(TLS1_2_VERSION)
                max_version = TLS1_2_VERSION;
 #elif defined(TLS1_1_VERSION)