bug: tlsver map missing TLS 1.3 entry causes incorrect Forwarded header for TLS 1.3 connections #1029

@kuishou68

Bug Description

The tlsver map in proxy/http_headers.go is missing an entry for TLS 1.3 (tls.VersionTLS13). This causes the Forwarded header to contain a raw hex value (0x0304) instead of the human-readable string tls13 for TLS 1.3 connections.

Root Cause

In proxy/http_headers.go, the tlsver map only covers TLS 1.0, 1.1, and 1.2:

var tlsver = map[uint16]string{
    tls.VersionTLS10: "tls10",
    tls.VersionTLS11: "tls11",
    tls.VersionTLS12: "tls12",
    // tls.VersionTLS13 is missing!
}

When a TLS 1.3 connection is made, tlsver[r.TLS.Version] returns an empty string "", and the fallback uint16base16(r.TLS.Version) is used, resulting in the hex value 0x0304 in the Forwarded header:

Forwarded: for=1.2.3.4; proto=https; httpproto=http/1.1; tlsver=0x0304; tlscipher=...

Expected:

Forwarded: for=1.2.3.4; proto=https; httpproto=http/1.1; tlsver=tls13; tlscipher=...

Impact

  • Any downstream service or logging system that reads the Forwarded header's tlsver attribute will receive 0x0304 instead of the expected tls13 for TLS 1.3 connections.
  • TLS 1.3 is the current recommended TLS version, so this affects most modern clients.
  • The existing tests do not cover TLS 1.3 (they only test tls.VersionTLS10).

Fix

Add tls.VersionTLS13: "tls13" to the tlsver map:

var tlsver = map[uint16]string{
    tls.VersionTLS10: "tls10",
    tls.VersionTLS11: "tls11",
    tls.VersionTLS12: "tls12",
    tls.VersionTLS13: "tls13",
}

Also note: the comment directly above this map has a typo — it says uint16base64 but the actual function is named uint16base16.
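
An added example, not code from the issue or from the project: a Go sketch that reproduces the lookup-then-hex-fallback behaviour described above, plus a tolerant parser a downstream consumer of the Forwarded header could use to accept both `tls13` and `0x0304`. The names `tlsverBefore`, `tlsverParam` and `normalizeTLSVer`, and the `0x%04x` format, are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strconv"
	"strings"
)

// Map as shown in the issue before the fix: no TLS 1.3 entry.
var tlsverBefore = map[uint16]string{
	tls.VersionTLS10: "tls10",
	tls.VersionTLS11: "tls11",
	tls.VersionTLS12: "tls12",
}

// tlsverParam mimics the lookup with hex fallback described in the issue.
// Hypothetical helper; the format is assumed from the 0x0304 output shown there.
func tlsverParam(m map[uint16]string, v uint16) string {
	if s := m[v]; s != "" {
		return s
	}
	return fmt.Sprintf("0x%04x", v)
}

// normalizeTLSVer is a hypothetical downstream-side helper: it accepts either
// the named form or the hex fallback and returns the numeric protocol version,
// so log pipelines and policy checks see one value per TLS version.
func normalizeTLSVer(param string) (uint16, error) {
	named := map[string]uint16{
		"tls10": tls.VersionTLS10, "tls11": tls.VersionTLS11,
		"tls12": tls.VersionTLS12, "tls13": tls.VersionTLS13,
	}
	p := strings.ToLower(strings.TrimSpace(param))
	if v, ok := named[p]; ok {
		return v, nil
	}
	if !strings.HasPrefix(p, "0x") {
		return 0, fmt.Errorf("unrecognized tlsver %q", param)
	}
	n, err := strconv.ParseUint(p[2:], 16, 16)
	if err != nil {
		return 0, fmt.Errorf("unrecognized tlsver %q: %w", param, err)
	}
	return uint16(n), nil
}

func main() {
	got := tlsverParam(tlsverBefore, tls.VersionTLS13)
	v, err := normalizeTLSVer(got)
	fmt.Println(got, v == tls.VersionTLS13, err)
}
```

A consumer that compares the `tlsver` string directly against `tls12` or `tls13` to enforce a minimum version would treat the hex form as unknown; comparing the normalized numeric value avoids that.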
