From 7c1110ddb43102b613484dbc3936eedeaaf5a244 Mon Sep 17 00:00:00 2001
From: bol-van <k@vodka.home.kg>
Date: Fri, 10 Dec 2021 15:26:05 +0300
Subject: [PATCH] blockcheck: fixed tls1.3 for possible curl protocol upgrades

---
 blockcheck.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/blockcheck.sh b/blockcheck.sh
index 38b55a4..4d25930 100755
--- a/blockcheck.sh
+++ b/blockcheck.sh
@@ -189,7 +189,7 @@ curl_test_https_tls13()
 
 	# prevent using QUIC if available in curl
 	# force TLS1.3 mode
-	curl -${1}Ss --max-time $CURL_MAX_TIME $CURL_OPT --http1.1 --tlsv1.3 "https://$2" -o /dev/null 2>&1 
+	curl -${1}Ss --max-time $CURL_MAX_TIME $CURL_OPT --http1.1 --tlsv1.3 --tls-max 1.3 "https://$2" -o /dev/null 2>&1 
 }
 
 nfqws_ipt_prepare()
@@ -432,6 +432,8 @@ check_domain()
 		[ $code = $c ] && return
 	done
 
+	echo
+
 	echo preparing tpws redirection
 	tpws_ipt_prepare $2
 
@@ -505,8 +507,8 @@ ask_params()
 	ask_yes_no_var ENABLE_HTTPS_TLS12 "check https tls 1.2"
 
 	ENABLE_HTTPS_TLS13=0
+	echo
 	if curl_supports_tls13; then
-		echo
 		echo "TLS 1.3 is the new standard for encrypted communications over TCP"
 		echo "its the most important feature for DPI bypass is encrypted TLS ServerHello"
 		echo "more and more sites enable TLS 1.3 but still there're many sites with only TLS 1.2 support"