Merge pull request #15483 from jmhbnz/release-3.5-backport

[3.5] Backport tls 1.3 support

tests/e2e/etcd_config_test.go

@@ -21,6 +21,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"go.etcd.io/etcd/pkg/v3/expect"
 )
 
@@ -374,3 +375,32 @@ func TestBootstrapDefragFlag(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestEtcdTLSVersion(t *testing.T) {
+	skipInShortMode(t)
+
+	d := t.TempDir()
+	proc, err := spawnCmd(
+		[]string{
+			binDir + "/etcd",
+			"--data-dir", d,
+			"--name", "e1",
+			"--listen-client-urls", "https://0.0.0.0:0",
+			"--advertise-client-urls", "https://0.0.0.0:0",
+			"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", etcdProcessBasePort),
+			"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", etcdProcessBasePort),
+			"--initial-cluster", fmt.Sprintf("e1=https://127.0.0.1:%d", etcdProcessBasePort),
+			"--peer-cert-file", certPath,
+			"--peer-key-file", privateKeyPath,
+			"--cert-file", certPath2,
+			"--key-file", privateKeyPath2,
+
+			"--tls-min-version", "TLS1.2",
+			"--tls-max-version", "TLS1.3",
+		}, nil,
+	)
+	assert.NoError(t, err)
+	assert.NoError(t, waitReadyExpectProc(proc, etcdServerReadyLines), "did not receive expected output from etcd process")
+	assert.NoError(t, proc.Stop())
+
+}