refactor(pgsql): set the default ssl version to tlsv1.3,tlsv1.2,tlsv1.1

apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf

@@ -22,7 +22,7 @@ auth.pgsql.username = root
 ## PostgreSQL password.
 ##
 ## Value: String
-# auth.pgsql.password =
+#auth.pgsql.password =
 
 ## PostgreSQL database.
 ##
@@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8
 ## Value: on | off
 auth.pgsql.ssl = off
 
-## TLS version
+## TLS version.
-## You can configure multi-version use "," split,
-## default value is :tlsv1.2
-## Example:
-##    tlsv1.1,tlsv1.2,tlsv1.3
 ##
-#auth.pgsql.ssl.tls_versions = tlsv1.2
+## Available enum values:
+##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+##
+## Value: String, seperated by ','
+#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
 
 ## SSL keyfile.
 ##

apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema

@@ -36,7 +36,7 @@
 ]}.
 
 {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.2"},
+  {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
   {datatype, string}
 ]}.
 
@@ -92,9 +92,9 @@
   SslOpts = fun(Prefix) ->
                 Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                         {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined),
+                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
                         {versions, [list_to_existing_atom(Value)
-                                    ||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}])
+                                    || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
             end,
 
   %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0