grpc/rocsp: Allow use of TLSv1.2 and TLSv1.3 (#6600)

When we clamped our MaxVersion to TLS1.2, there wasn't any
support for TLS1.3 yet. Allowing higher versions to be negotiated
is good.

Fixes #6580

cmd/config.go

@@ -178,10 +178,10 @@ func (t *TLSConfig) Load() (*tls.Config, error) {
 		ClientCAs:    rootCAs,
 		ClientAuth:   tls.RequireAndVerifyClientCert,
 		Certificates: []tls.Certificate{cert},
-		// Set the only acceptable TLS version to 1.2 and the only acceptable cipher suite
-		// to ECDHE-RSA-CHACHA20-POLY1305.
-		MinVersion:   tls.VersionTLS12,
-		MaxVersion:   tls.VersionTLS12,
+		// Set the only acceptable TLS to v1.2 and v1.3.
+		MinVersion: tls.VersionTLS12,
+		MaxVersion: tls.VersionTLS13,
+		// CipherSuites will be ignored for TLS v1.3.
 		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305},
 	}, nil
 }

test/redis-cluster.config

@@ -28,6 +28,7 @@ user replication-user  on +@all ~* >435e9c4225f08813ef3af7c725f0d30d263b9cd3
 user unittest-rw       on +@all ~* >824968fa490f4ecec1e52d5e34916bdb60d45f8d
 masteruser replication-user
 masterauth 435e9c4225f08813ef3af7c725f0d30d263b9cd3
+tls-protocols "TLSv1.3"
 tls-cert-file /test/redis-tls/redis/cert.pem
 tls-key-file /test/redis-tls/redis/key.pem
 tls-ca-cert-file /test/redis-tls/minica.pem

test/redis.config

@@ -28,6 +28,7 @@ user replication-user  on +@all ~* >435e9c4225f08813ef3af7c725f0d30d263b9cd3
 user unittest-rw       on +@all ~* >824968fa490f4ecec1e52d5e34916bdb60d45f8d
 masteruser replication-user
 masterauth 435e9c4225f08813ef3af7c725f0d30d263b9cd3
+tls-protocols "TLSv1.3"
 tls-cert-file /test/redis-tls/redis/cert.pem
 tls-key-file /test/redis-tls/redis/key.pem
 tls-ca-cert-file /test/redis-tls/minica.pem