From 639a8c7871d20caaaeb61b8952c639aa45f3251e Mon Sep 17 00:00:00 2001
From: Mark Janssen <mark@praseodym.net>
Date: Sat, 2 May 2020 13:29:27 +0200
Subject: [PATCH] Enable TLSv1.3 by default

Fix for 049b25e566862c627b16a1698ebe68fc1e5b20b2 which mistakenly only
updated documentation.
---
 internal/ingress/controller/config/config.go | 2 +-
 test/e2e/settings/tls.go                     | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
index ae60cacdd..b39145957 100644
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@@ -70,7 +70,7 @@ const (
 
 	// SSL enabled protocols to use
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
-	sslProtocols = "TLSv1.2"
+	sslProtocols = "TLSv1.2 TLSv1.3"
 
 	// Disable TLS 1.3 early data
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go
index ef980f384..2b8b098c8 100644
--- a/test/e2e/settings/tls.go
+++ b/test/e2e/settings/tls.go
@@ -64,7 +64,10 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 		})
 
 		ginkgo.It("setting cipher suite", func() {
-			f.UpdateNginxConfigMapData(sslCiphers, testCiphers)
+			f.SetNginxConfigMapData(map[string]string{
+				sslCiphers:   testCiphers,
+				sslProtocols: "TLSv1.2",
+			})
 
 			f.WaitForNginxConfiguration(
 				func(cfg string) bool {