b57c818 Use only TLS 1.2 by default

Authored and Committed by cheimes 4 years ago
    Use only TLS 1.2 by default
    
    TLS 1.3 is causing some trouble with client cert authentication.
    Conditional client cert authentication requires post-handshake
    authentication extension on TLS 1.3. The new feature is not fully
    implemented yet.
    
    TLS 1.0 and 1.1 are no longer state of the art and now disabled by
    default.
    
    TLS 1.2 works everywhere and supports PFS.
    
    Related: https://pagure.io/freeipa/issue/7667
    
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+3 -3
file modified
+20 -13
file modified
+5 -3
file modified
+2 -1
file modified
+2 -2