From bd71ba998a48984741479fdf5577c4ccf70b878b Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 19 Jul 2015 01:33:29 -0700
Subject: [PATCH] TLS: Allow tls-min-version=1.3 configuration
Bounds limiting was restricting configuration to <1.2 since those are the currently available TLS versions. But 1.3 is upcoming and may be used within the lifetime of this Squid version. Detected by Coverity Scan. Issue 1311636
---
 src/security/PeerOptions.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index da19b0177f..26b8e74d04 100644
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -122,9 +122,9 @@ Security::PeerOptions::updateTlsVersionLimits()
 if (!tlsMinVersion.isEmpty()) {
 ::Parser::Tokenizer tok(tlsMinVersion);
 int64_t v = 0;
- if (tok.skip('1') && tok.skip('.') && tok.int64(v, 10, false, 1) && v <= 2) {
+ if (tok.skip('1') && tok.skip('.') && tok.int64(v, 10, false, 1) && v <= 3) {
 // only account for TLS here - SSL versions are handled by options= parameter
- // avoid affectign options= parameter in cachemgr config report
+ // avoid affecting options= parameter in cachemgr config report
 #if SSL_OP_NO_TLSv1
 if (v > 0)
 parsedOptions |= SSL_OP_NO_TLSv1;
--
2.47.3
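Review bot: Accepting `v <= 3` is only safe if every accepted value ends up as an enforced floor, and the visible `#if SSL_OP_NO_TLSv1` guard fails open: when the library does not define the macro, the branch compiles away and the configured minimum is silently not applied. The same would hold for a 1.3 floor if the rest of updateTlsVersionLimits(), which continues below this hunk and is not shown, has no `v > 2` case or its macro is absent; an administrator setting tls-min-version=1.3 could then still have TLS 1.2 negotiated. I would give each guard an `#else` arm that logs that the requested minimum cannot be enforced by this build, and document the condition with `// v is the TLS 1.x minor version; every accepted value must map to an SSL_OP_NO_* mask below`. The condition also does not check that the tokenizer is exhausted, so a value such as `1.25` appears to be accepted as 1.2, because int64() is limited to one digit here.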