Set up SSLVersion for TLS

wikipedia.org:
https://en.wikipedia.org/wiki/Transport_Layer_Security
TLS 1.3, finalized on 2018-03-21; RFC 8446 on 2018-08-10 dated August 2018.

OpenSSL 1.1.1 on 2018-09-11 (support for TLS 1.3 and SHA-3)(https://www.openssl.org/news/openssl-1.1.1-notes.html and https://wiki.openssl.org/index.php/TLS1.3)

First beta version of Red Hat Linux 8 mid November 2018: support for OpenSSL 1.1.1 and TLS 1.3
Red Hat Enterprise Linux 8 was officially released on 2019-05-07. Upgrading requires some steps finishing with: # yum install leapp (this statement misses in CentOS 8).
CentOS 8 was released on 2019-09-24 (derived from Red Hat Enterprise Linux).

Analyze TLS versions with: https://www.immuniweb.com/ssl/
Operate with TLS 1.2 / 1.3 for mx and outbound. Test with: https://mecsa.jrc.ec.europa.eu
Test TLS, see ‘SSLVersion in use’: https://www.checktls.com
TLS 1.0 if enabled:
The server has TLS 1.0 enabled. Since the 30th of June 2018 it is non-compliant with PCI DSS 3.2.1.
TLS 1.1 if missing:
The support of TLS 1.1 is mandatory according to HIPAA guidance

In articles:

In control panels:

In Mail Transfer Agents (MTA):

Remarks:
– The PHP Swift Mailer library was fixed in July 2018 for TLS 1.1 and TLS 1.2. Or PHP 7.2 can stream above TLS 1.0;
– Feedback for GFI to the Kerio Connect mail server product to have a clearer diagnosis of TLS version preference, especially that TLS 1.2 is default not offered for outbound email;
– How to fine-tune ciphers and TLS, see: https://webhostingtech.nl/security-setup/tuning-ciphers-and-tls/