From eb634369b8dd3ede3db3ca3a929a6df0f88aaaf7 Mon Sep 17 00:00:00 2001
From: Athishpranav2003 <athishanna@gmail.com>
Date: Sun, 9 Mar 2025 03:36:23 +0530
Subject: [PATCH 1/2] changed https opts in out-http

Signed-off-by: Athishpranav2003 <athishanna@gmail.com>
---
 lib/fluent/plugin/out_http.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fluent/plugin/out_http.rb b/lib/fluent/plugin/out_http.rb
index 1ca3910456..2cac321cc5 100644
--- a/lib/fluent/plugin/out_http.rb
+++ b/lib/fluent/plugin/out_http.rb
@@ -270,7 +270,8 @@ def setup_http_option
                               OpenSSL::SSL::VERIFY_PEER
                             end
         opt[:ciphers] = @tls_ciphers
-        opt[:ssl_version] = @tls_version
+        opt[:min_version] = Fluent::TLS::DEFAULT_VERSION
+        opt[:max_version] = @tls_version
       end
 
       opt

From 8d8818ccd170736863d88f606dc1d7ad03fbd2f5 Mon Sep 17 00:00:00 2001
From: Athishpranav2003 <athishanna@gmail.com>
Date: Sun, 9 Mar 2025 14:58:53 +0530
Subject: [PATCH 2/2] fixed webrick

Signed-off-by: Athishpranav2003 <athishanna@gmail.com>
---
 lib/fluent/plugin/out_http.rb | 4 ++--
 lib/fluent/tls.rb             | 2 +-
 test/plugin/test_out_http.rb  | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/fluent/plugin/out_http.rb b/lib/fluent/plugin/out_http.rb
index 2cac321cc5..8463d189ef 100644
--- a/lib/fluent/plugin/out_http.rb
+++ b/lib/fluent/plugin/out_http.rb
@@ -270,8 +270,8 @@ def setup_http_option
                               OpenSSL::SSL::VERIFY_PEER
                             end
         opt[:ciphers] = @tls_ciphers
-        opt[:min_version] = Fluent::TLS::DEFAULT_VERSION
-        opt[:max_version] = @tls_version
+        opt[:min_version] = Fluent::TLS::METHODS_MAP[@tls_version]
+        opt[:max_version] = Fluent::TLS::METHODS_MAP[@tls_version]
       end
 
       opt
diff --git a/lib/fluent/tls.rb b/lib/fluent/tls.rb
index f69344fa2d..f3a0e39569 100644
--- a/lib/fluent/tls.rb
+++ b/lib/fluent/tls.rb
@@ -48,7 +48,7 @@ module TLS
                     MIN_MAX_AVAILABLE = false
                     map
                   end
-    private_constant :METHODS_MAP
+    # private_constant :METHODS_MAP
 
     # Helper for old syntax/method support:
     # ruby 2.4 uses ssl_version= but this method is now deprecated.
diff --git a/test/plugin/test_out_http.rb b/test/plugin/test_out_http.rb
index 5d3b89089c..74b31cc71e 100644
--- a/test/plugin/test_out_http.rb
+++ b/test/plugin/test_out_http.rb
@@ -501,6 +501,7 @@ def server_config
       # WEBrick supports self-generated self-signed certificate
       config[:SSLEnable] = true
       config[:SSLCertName] = [["CN", WEBrick::Utils::getservername]]
+      config[:SSLMaxVersion] = OpenSSL::SSL::TLS1_3_VERSION
       config
     end
 
@@ -512,6 +513,7 @@ def test_write_with_https
       d = create_driver(%[
         endpoint https://127.0.0.1:#{server_port}/test
         tls_verify_mode none
+        tls_version TLSv1_3
         ssl_timeout 2s
       ])
       d.run(default_tag: 'test.http') do