From e360cb1f0c25bd1560255ab9a002350190e4e64f Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 23 Jun 2020 19:56:27 +0100
Subject: [PATCH] Revert "Disable TLSv1.3 for upstream connections from squid
 on Ubuntu 20.04"

This reverts commit 8593050ae6de42adadb959f976693ea3a0f1278f.
---
 cookbooks/tilecache/templates/default/squid.conf.erb | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb
index 02b266a50..55415a4ac 100644
--- a/cookbooks/tilecache/templates/default/squid.conf.erb
+++ b/cookbooks/tilecache/templates/default/squid.conf.erb
@@ -38,10 +38,8 @@ acl tile_caches src <%= address %>
 # Primary Parent
 <% if node[:squid][:version] < 4 -%>
 cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 ssl ssldomain=render.openstreetmap.org
-<% elif node[:lsb][:release].to_f < 20.04 -%>
-cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 tls tlsdomain=render.openstreetmap.org
 <% else -%>
-cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 tls tlsdomain=render.openstreetmap.org tls-options=NORMAL:-VERS-TLS1.3
+cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 tls tlsdomain=render.openstreetmap.org
 <% end -%>
 cache_peer_access osmtileAccel allow osmtile_sites
 
@@ -49,10 +47,8 @@ cache_peer_access osmtileAccel allow osmtile_sites
 <% @renders.each do |renders| -%>
 <% if node[:squid][:version] < 4 -%>
 cache_peer <%= renders[:hostname] %>.render.openstreetmap.org parent 443 0 no-query originserver name=osmtileAccelBackup<%= renders[:hostname] %> login=PASS connect-timeout=60 no-digest weight=10 ssl ssldomain=render.openstreetmap.org
-<% elif node[:lsb][:release].to_f < 20.04 -%>
-cache_peer <%= renders[:hostname] %>.render.openstreetmap.org parent 443 0 no-query originserver name=osmtileAccelBackup<%= renders[:hostname] %> login=PASS connect-timeout=60 no-digest weight=10 tls tlsdomain=render.openstreetmap.org
 <% else -%>
-cache_peer <%= renders[:hostname] %>.render.openstreetmap.org parent 443 0 no-query originserver name=osmtileAccelBackup<%= renders[:hostname] %> login=PASS connect-timeout=60 no-digest weight=10 tls tlsdomain=render.openstreetmap.org tls-options=NORMAL:-VERS-TLS1.3
+cache_peer <%= renders[:hostname] %>.render.openstreetmap.org parent 443 0 no-query originserver name=osmtileAccelBackup<%= renders[:hostname] %> login=PASS connect-timeout=60 no-digest weight=10 tls tlsdomain=render.openstreetmap.org
 <% end -%>
 cache_peer_access osmtileAccelBackup<%= renders[:hostname] %> allow osmtile_sites
 <% end -%>
-- 
2.39.5