From e6038ad3427bebdfca7f49d9c66d8bf382361c5e Mon Sep 17 00:00:00 2001
From: Adriana Gonzalez
Date: Fri, 5 Feb 2021 09:59:50 +0000
Subject: [PATCH 1/3] remove incompatible socket options when using only TLS1.3
---
 lib/plug/cowboy.ex | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/plug/cowboy.ex b/lib/plug/cowboy.ex
index 6fd5d59..9a98056 100644
--- a/lib/plug/cowboy.ex
+++ b/lib/plug/cowboy.ex
@@ -223,12 +223,18 @@ defmodule Plug.Cowboy do
 :https ->
 %{socket_opts: socket_opts} = transport_opts
 
- socket_opts =
- socket_opts
- |> Keyword.put_new(:next_protocols_advertised, ["h2", "http/1.1"])
- |> Keyword.put_new(:alpn_preferred_protocols, ["h2", "http/1.1"])
-
- {:ranch_ssl, :cowboy_tls, %{transport_opts | socket_opts: socket_opts}}
+ updated_opts =
+ if List.keyfind(socket_opts, :versions, 0) == {:versions, [:"tlsv1.3"]} do
+ socket_opts
+ |> Keyword.delete(:next_protocols_advertised)
+ |> Keyword.delete(:alpn_preferred_protocols)
+ else
+ socket_opts
+ |> Keyword.put_new(:next_protocols_advertised, ["h2", "http/1.1"])
+ |> Keyword.put_new(:alpn_preferred_protocols, ["h2", "http/1.1"])
+ end
+
+ {:ranch_ssl, :cowboy_tls, %{transport_opts | socket_opts: updated_opts}}
 end
 
 {id, start, restart, shutdown, type, modules} =
From 3610de3ad68d440bbd644dc7d304fb72fc134ade Mon Sep 17 00:00:00 2001
From: Adriana Gonzalez
Date: Fri, 5 Feb 2021 11:33:46 +0000
Subject: [PATCH 2/3] adding comment to default socket option changes
---
 lib/plug/cowboy.ex | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/plug/cowboy.ex b/lib/plug/cowboy.ex
index 9a98056..8cdf19a 100644
--- a/lib/plug/cowboy.ex
+++ b/lib/plug/cowboy.ex
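Review bot: In the PATCH 1/3 hunk, the `versions: [:"tlsv1.3"]` branch calls `Keyword.delete/2` on both keys, so values the caller set explicitly are discarded with no log line or error, whereas the `else` branch uses `put_new` precisely to respect caller-supplied values. Dropping `:alpn_preferred_protocols` also removes the `"h2"` offer, which presumably leaves a TLS 1.3-only listener on HTTP/1.1. ALPN, unlike NPN, is a defined TLS 1.3 extension, so it is worth confirming against the targeted OTP releases that ssl really rejects both options and not only `:next_protocols_advertised`. If only NPN is rejected, the branch could be `socket_opts |> Keyword.delete(:next_protocols_advertised) |> Keyword.put_new(:alpn_preferred_protocols, ["h2", "http/1.1"])`. The enclosing function starts and ends outside the hunk.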
@@ -225,6 +225,9 @@ defmodule Plug.Cowboy do
 
 updated_opts =
 if List.keyfind(socket_opts, :versions, 0) == {:versions, [:"tlsv1.3"]} do
+ # next_protocols_advertised and alpn_preferred_protocols options are not supported
+ # by the OTP SSL module when earlier version of TLS are not being used.
+ # (i.e. TLS1.2 or earlier versions must be specified as it's not supported in TLS1.3)
 socket_opts
 |> Keyword.delete(:next_protocols_advertised)
 |> Keyword.delete(:alpn_preferred_protocols)
From ab77e8a0a74daa139c749fc42f195de2e36539f2 Mon Sep 17 00:00:00 2001
From: Adriana Gonzalez
Date: Mon, 8 Feb 2021 16:21:33 +0000
Subject: [PATCH 3/3] change tlsv1.3 keyfind in options
---
 lib/plug/cowboy.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/plug/cowboy.ex b/lib/plug/cowboy.ex
index 8cdf19a..e87a7f7 100644
--- a/lib/plug/cowboy.ex
+++ b/lib/plug/cowboy.ex
@@ -224,7 +224,7 @@ defmodule Plug.Cowboy do
 %{socket_opts: socket_opts} = transport_opts
 
 updated_opts =
- if List.keyfind(socket_opts, :versions, 0) == {:versions, [:"tlsv1.3"]} do
+ if socket_opts[:versions] == [:"tlsv1.3"] do
 # next_protocols_advertised and alpn_preferred_protocols options are not supported
 # by the OTP SSL module when earlier version of TLS are not being used.
 # (i.e. TLS1.2 or earlier versions must be specified as it's not supported in TLS1.3)
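Review bot: The comment added in the PATCH 2/3 hunk is hard to parse: "when earlier version of TLS are not being used" and the parenthetical "it's not supported" leave unclear what is unsupported and under which configuration. Suggested wording: `# With versions: [:"tlsv1.3"] only, the OTP ssl module rejects :next_protocols_advertised and` followed by `# :alpn_preferred_protocols, so they are removed here instead of being defaulted.` Naming the OTP release where the rejection was observed would let a later maintainer re-check whether the workaround is still needed.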
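Review bot: The condition `socket_opts[:versions] == [:"tlsv1.3"]` in the PATCH 3/3 hunk matches only that exact one-element list, and each of the three patches changes `lib/plug/cowboy.ex` alone, so no test pins the new branch. A test that builds the HTTPS child spec with `versions: [:"tlsv1.3"]` and asserts that neither protocol option appears in the resulting socket options, plus one for the default case, would guard this path against regressions. A short comment such as `# exact match: any list that also names an older version keeps the defaults` next to the condition would make the intent explicit. The surrounding `case` clause continues outside the hunk.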