Upstream: Yes
Reason: Without this patch certain TLS1.2 bahavior tests fail as TLS1.3 is chosen by default
Url: https://github.com/h2o/h2o/commit/442908871b935311c903d2d234708b3de9b40fd5
--- a/t/40ssl-cipher-suite.t
+++ b/t/40ssl-cipher-suite.t
@@ -32,7 +32,7 @@
 );
 
 # connect to the server with AES256-SHA as the first choice, and check that AES128-SHA was selected
-my $log = `openssl s_client -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port < /dev/null 2>&1`;
+my $log = `openssl s_client -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port -tls1_2 < /dev/null 2>&1`;
 like $log, qr/^\s*Cipher\s*:\s*AES128-SHA\s*$/m;
 
 done_testing;
--- a/t/50access-log.t
+++ b/t/50access-log.t
@@ -168,7 +168,7 @@
         sub {
             my $server = shift;
             system("curl --silent http://127.0.0.1:$server->{port}/ > /dev/null");
-            system("curl --silent --insecure @{[curl_supports_http2() ? ' --http1.1' : '']} https://127.0.0.1:$server->{tls_port}/ > /dev/null");
+            system("curl --silent --insecure @{[curl_supports_http2() ? ' --http1.1' : '']} https://127.0.0.1:$server->{tls_port}/ --tls-max 1.2 > /dev/null");
             if (prog_exists("nghttp")) {
                 system("nghttp -n https://127.0.0.1:$server->{tls_port}/");
                 system("nghttp -n --weight=22 https://127.0.0.1:$server->{tls_port}/");