From e25d59ce769fbf571ae00b44e90557f5a0ed5d43 Mon Sep 17 00:00:00 2001 From: Dimitrios Apostolou Date: Tue, 5 May 2015 20:03:15 +0200 Subject: [PATCH] Enable TLS protocol by default, for outgoing connections. --- libcfnet/client_code.c | 2 +- libpromises/mod_common.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcfnet/client_code.c b/libcfnet/client_code.c index 99b5f333acd..22c7bff5efd 100644 --- a/libcfnet/client_code.c +++ b/libcfnet/client_code.c @@ -200,6 +200,7 @@ AgentConnection *ServerConnection(const char *server, const char *port, switch (flags.protocol_version) { + case CF_PROTOCOL_UNDEFINED: case CF_PROTOCOL_TLS: /* Set the version to request during protocol negotiation. After @@ -229,7 +230,6 @@ AgentConnection *ServerConnection(const char *server, const char *port, LAST_SEEN_ROLE_CONNECT); break; - case CF_PROTOCOL_UNDEFINED: case CF_PROTOCOL_CLASSIC: conn->conn_info->protocol = CF_PROTOCOL_CLASSIC; diff --git a/libpromises/mod_common.c b/libpromises/mod_common.c index e12d09bfb72..652a68160db 100644 --- a/libpromises/mod_common.c +++ b/libpromises/mod_common.c 
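Review bot: The new `case CF_PROTOCOL_UNDEFINED:` label stacked on `CF_PROTOCOL_TLS` in ServerConnection() has no comment, so a reader cannot tell that falling into the TLS branch is the deliberate new default; I would add `/* protocol_version not set in policy: default to TLS. */` above it. The classic branch assigns an explicit constant (`conn->conn_info->protocol = CF_PROTOCOL_CLASSIC;`), while the TLS branch body lies outside this hunk, so please confirm it also assigns a concrete TLS version rather than copying `flags.protocol_version`, which can now be `CF_PROTOCOL_UNDEFINED` there. The hunk also does not show what happens when the peer only speaks the classic protocol. If a failed connection rather than a silent downgrade is the intended outcome, the commit message should say so, and the diffstat shows no test covering the undefined case.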
@@ -261,7 +261,7 @@ const ConstraintSyntax CFG_CONTROLBODY[COMMON_CONTROL_MAX + 1] =
 ConstraintSyntaxNewBool("fips_mode", "Activate full FIPS mode restrictions. Default value: false", SYNTAX_STATUS_NORMAL),
 ConstraintSyntaxNewReal("bwlimit", CF_VALRANGE, "Limit outgoing protocol bandwidth in Bytes per second", SYNTAX_STATUS_NORMAL),
 ConstraintSyntaxNewBool("cache_system_functions", "Cache the result of system functions. Default value: true", SYNTAX_STATUS_NORMAL),
- ConstraintSyntaxNewOption("protocol_version", "0,undefined,1,classic,2,latest", "CFEngine protocol version to use when connecting to the server. Default: classic", SYNTAX_STATUS_NORMAL),
+ ConstraintSyntaxNewOption("protocol_version", "0,undefined,1,classic,2,latest", "CFEngine protocol version to use when connecting to the server. Default: \"latest\"", SYNTAX_STATUS_NORMAL),
 ConstraintSyntaxNewOption("tls_ciphers", "", "List of acceptable ciphers in outgoing TLS connections. For syntax help see man page for \"openssl ciphers\"", SYNTAX_STATUS_NORMAL),
 ConstraintSyntaxNewOption("tls_min_version", "", "Minimum acceptable TLS version for outgoing connections. Default is \"1.0\"", SYNTAX_STATUS_NORMAL),
 ConstraintSyntaxNewNull()
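Review bot: With TLS now the default, the neighbouring `tls_min_version` entry's documented default of "1.0" becomes the effective floor for every agent that never set `protocol_version`, and this change leaves it untouched. It is worth deciding here whether that minimum should be raised, or at least pointing operators to `tls_min_version` from the `protocol_version` help text. The new string also differs in form from its siblings (`Default value: false`, `Default is \"1.0\"`); `Default value: latest` would match the table. The CFG_CONTROLBODY initializer starts and ends outside this hunk.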