And yes, I fully understand that selecting only TLS 1.3 while
allowing only 1.2 ciphers, or vice versa, would fail. That's the
same as, when 1.2 came in, selecting only 1.2 ciphers while
disallowing 1.2. In the future, it's the same as allowing only 1.3
while selecting only 1.4 ciphers.
If the library were to detect those problems (and report them
clearly!) then that would be great, but it's OK if a user interface
has to apply those rules on its own, or if it's just left up to the
user.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
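
The kind of check the message above says a user interface could apply on its own, as an added example that is not part of the original message and is not OpenSSL code: it reports clearly when an enabled protocol version has no matching cipher suite selected. The names `Version`, `suite_version` and `check_config` are hypothetical, the sample suite lists are constructed, and the model assumes only TLS 1.2 and TLS 1.3 are in play.

```python
from enum import Enum

class Version(Enum):
    TLS1_2 = "TLS 1.2"
    TLS1_3 = "TLS 1.3"

# The five TLS 1.3 cipher suites defined in RFC 8446.
TLS13_SUITES = frozenset({
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
})

def suite_version(name):
    # Assumption: only TLS 1.2 and 1.3 are modelled, so any suite that is
    # not a TLS 1.3 suite is treated as a TLS 1.2 suite.
    return Version.TLS1_3 if name in TLS13_SUITES else Version.TLS1_2

def check_config(versions, suites):
    """Return (usable, messages) for a set of enabled versions and suite names."""
    versions = set(versions)
    by_version = {v: [] for v in Version}
    for name in suites:
        by_version[suite_version(name)].append(name)
    messages, working = [], []
    for v in Version:
        if v in versions and by_version[v]:
            working.append(v)
        elif v in versions:
            messages.append(f"{v.value} is enabled but no {v.value} cipher suite is selected")
        elif by_version[v]:
            messages.append(f"{v.value} is disabled, so these suites can never be "
                            f"negotiated: {', '.join(by_version[v])}")
    if not working:
        # Fatal case: the two settings have no overlap at all.
        messages.insert(0, "no enabled protocol version has a usable cipher suite")
    return bool(working), messages

if __name__ == "__main__":
    # Constructed input: only TLS 1.3 enabled, only a TLS 1.2 suite selected.
    ok, msgs = check_config({Version.TLS1_3}, ["ECDHE-RSA-AES128-GCM-SHA256"])
    print("usable" if ok else "unusable")
    for m in msgs:
        print(" -", m)
```
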