From: Peter Eisentraut <peter@eisentraut.org>
Date: Mon, 24 Jun 2019 20:23:19 +0000 (+0200)
Subject: Add support for TLSv1.3 enabling and disabling
X-Git-Tag: pgbouncer_1_10_0~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a6554b83eaecfaadbfdfcd4cdecee87b282e4e73;p=pgbouncer

Add support for TLSv1.3 enabling and disabling

It already worked automatically; this just adds the options to enable
and disable the protocol version explicitly.
---

diff --git a/doc/config.md b/doc/config.md
index d7d8f87..b06d6b9 100644
--- a/doc/config.md
+++ b/doc/config.md
@@ -551,8 +551,8 @@ Default: unset.
 
 ### client_tls_protocols
 
-Which TLS protocol versions are allowed.  Allowed values: `tlsv1.0`, `tlsv1.1`, `tlsv1.2`.
-Shortcuts: `all` (tlsv1.0,tlsv1.1,tlsv1.2), `secure` (tlsv1.2), `legacy` (all).
+Which TLS protocol versions are allowed.  Allowed values: `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`.
+Shortcuts: `all` (tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3), `secure` (tlsv1.2,tlsv1.3), `legacy` (all).
 
 Default: `all`
 
@@ -626,8 +626,8 @@ Default: not set.
 
 ### server_tls_protocols
 
-Which TLS protocol versions are allowed.  Allowed values: `tlsv1.0`, `tlsv1.1`, `tlsv1.2`.
-Shortcuts: `all` (tlsv1.0,tlsv1.1,tlsv1.2), `secure` (tlsv1.2), `legacy` (all).
+Which TLS protocol versions are allowed.  Allowed values: `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`.
+Shortcuts: `all` (tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3), `secure` (tlsv1.2,tlsv1.3), `legacy` (all).
 
 Default: `all`
 
diff --git a/etc/pgbouncer.ini b/etc/pgbouncer.ini
index 67cc94e..fed6db1 100644
--- a/etc/pgbouncer.ini
+++ b/etc/pgbouncer.ini
@@ -68,7 +68,7 @@ listen_port = 6432
 ;; fast, normal, secure, legacy, <ciphersuite string>
 ;client_tls_ciphers = fast
 
-;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2
+;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
 ;client_tls_protocols = all
 
 ;; none, auto, legacy
@@ -92,7 +92,7 @@ listen_port = 6432
 ;server_tls_key_file =
 ;server_tls_cert_file =
 
-;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2
+;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
 ;server_tls_protocols = all
 
 ;; fast, normal, secure, legacy, <ciphersuite string>
diff --git a/lib b/lib
index ada40b0..404edd3 160000
--- a/lib
+++ b/lib
@@ -1 +1 @@
-Subproject commit ada40b0f544971fd822b422ef37061a4f5abf2ac
+Subproject commit 404edd367c7eb458b6ee48b521e6f70502a7b719