adamwill / 389-ds-base

Forked from 389-ds-base 4 years ago

6111400 Ticket #48816 - (1.2.11 only) add a nsTLS1.0 on or off new configuration parameter to cn=encryption,cn=config in RHEL 6 389-ds-base

Authored and Committed by nhosoi 7 years ago
    Ticket #48816 - (1.2.11 only) add a nsTLS1.0 on or off new configuration parameter to cn=encryption,cn=config in RHEL 6 389-ds-base
    
    Description: 389-ds-base-1.2.11 has no way to disable TLS1.0.  This patch is
    adding config params nsTLS10, nsTLS11 and nsTLS12 to cn=encryption,cn=config
    so that the definition of nsTLS1 remains intact if the new parameters are not
    specified explicitly.  If nsTLS10, nsTLS11 or nsTLS12 appear in the config
    entry, nsTLS1 is ignored and the new parameters are added.
    
    Default values:
    nsTLS1: on
    nsTLS10,nsTLS11,nsTLS12: ignored
    
    Examples:
      cn=encryption,cn=config
      [no SSL version settings]
        ==> sslVersionMin: TLS1.0
    
      cn=encryption,cn=config
      nsTLS1: on
        ==> sslVersionMin: TLS1.0
    
      cn=encryption,cn=config
      nsTLS1: on | off
      nsTLS10: on
        ==> sslVersionMin: TLS1.0
        ==> Note: nsTLS1 is ignored.
    
      cn=encryption,cn=config
      nsTLS11: on
        ==> sslVersionMin: TLS1.1
    
      cn=encryption,cn=config
      nsTLS12: on
        ==> sslVersionMin: TLS1.2
    
    Special cases:
      If all SSL version config parameters are off, SSL fails to configure.
      cn=encryption,cn=config
      nsTLS10: off
      nsTLS11: off
      nsTLS12: off
      nsTLS1: off
        ==> SSL configuration fails.
        ==> Note: nsSSL3 is off by default.
    
      cn=encryption,cn=config
      nsTLS10: on
      nsTLS12: off
        ==> sslVersionMin: TLS1.0
        ==> Note: nsTLS12 is ignored.
            Even if off is set to the higher SSL version as in this example,
            it is not used as sslVersionMax, but it is ignored.
    
    https://fedorahosted.org/389/ticket/48816
    
    Thanks so much for the ideas, comments and discussions, William, Ludwig, and Mark!!
    Final review was made by wibrown@redhat.com (Thank you, William!!)
    
        
file modified
+4 -1
file modified
+61 -10
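
The resolution rules in the commit message above, as an added Python example (not code from the patch or from 389-ds-base): it parses a constructed `cn=encryption,cn=config` entry and reports the resulting minimum version. The function names, the lowest-enabled-version reading of the examples, and treating `nsTLS1: off` with no new parameters as a failed configuration are assumptions; `nsSSL3` is not modelled.

```python
# Added example: models the rules stated in the commit message, not the patch's C code.
NEW_PARAMS = (("nstls10", "TLS1.0"), ("nstls11", "TLS1.1"), ("nstls12", "TLS1.2"))

def parse_entry(ldif):
    """Map lower-cased attribute name -> value for one plain LDIF entry.
    Folded lines and base64 ('::') values are not handled."""
    attrs = {}
    for line in ldif.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs[name.strip().lower()] = value.strip().lower()
    return attrs

def effective_min(attrs):
    """Return the resulting sslVersionMin, or None if SSL would fail to configure."""
    present = [(key, label) for key, label in NEW_PARAMS if key in attrs]
    if present:
        # Any of nsTLS10/11/12 present: nsTLS1 is ignored (per the commit message).
        # Assumption: the minimum is the lowest version set to "on"; "off" on a
        # higher version is never treated as a maximum.
        for key, label in present:
            if attrs[key] == "on":
                return label
        return None
    # No new parameters: nsTLS1 decides, and it defaults to on.
    if attrs.get("nstls1", "on") == "on":
        return "TLS1.0"
    return None  # assumption: nsTLS1 off alone leaves no version enabled

def audit(ldif):
    """Return (sslVersionMin, finding) for a cn=encryption,cn=config entry."""
    minimum = effective_min(parse_entry(ldif))
    if minimum is None:
        return None, "SSL configuration fails: no TLS version enabled"
    if minimum == "TLS1.0":
        return minimum, "TLS1.0 still accepted"
    return minimum, "ok"

# Constructed sample entry (not taken from a real server).
SAMPLE = """dn: cn=encryption,cn=config
nsTLS1: on
nsTLS11: on
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```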