From 08c845cfdb66b8a4e61f92ec512ae41d9700b9ec Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 28 Jun 2018 23:05:05 +0200
Subject: [PATCH] openssl: allow TLS 1.3 by default

Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
---
 docs/cmdline-opts/tlsv1.d | 4 ++--
 lib/vtls/openssl.c        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/cmdline-opts/tlsv1.d b/docs/cmdline-opts/tlsv1.d
index 9c9f6b3f5..4cb405697 100644
--- a/docs/cmdline-opts/tlsv1.d
+++ b/docs/cmdline-opts/tlsv1.d
@@ -8,5 +8,5 @@ Requires: TLS
 See-also: http1.1 http2
 Help: Use TLSv1.0 or greater
 ---
-Tells curl to use TLS version 1.x when negotiating with a remote TLS
-server. That means TLS version 1.0, 1.1 or 1.2.
+Tells curl to use at least TLS version 1.x when negotiating with a remote TLS
+server. That means TLS version 1.0 or higher
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4731107f2..225b4cbd1 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2130,12 +2130,12 @@ set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
 #endif
       /* FALLTHROUGH */
     case CURL_SSLVERSION_MAX_TLSv1_2:
-    case CURL_SSLVERSION_MAX_DEFAULT:
 #ifdef TLS1_3_VERSION
       *ctx_options |= SSL_OP_NO_TLSv1_3;
 #endif
       break;
     case CURL_SSLVERSION_MAX_TLSv1_3:
+    case CURL_SSLVERSION_MAX_DEFAULT:
 #ifdef TLS1_3_VERSION
       break;
 #else