Set up SSLVersion for TLS
TLS 1.3, finalized on 2018-03-21; RFC 8446 on 2018-08-10 dated August 2018.

OpenSSL 1.1.1 on 2018-09-11 (support for TLS 1.3 and SHA-3)( and

First beta version of Red Hat Linux 8 mid November 2018: support for OpenSSL 1.1.1 and TLS 1.3
Red Hat Enterprise Linux 8 was officially released on 2019-05-07. Upgrading requires some steps finishing with: # yum install leapp (this statement misses in CentOS 8).
CentOS 8 was released on 2019-09-24 (derived from Red Hat Enterprise Linux).

Analyze TLS versions with:
Operate with TLS 1.2 / 1.3 for mx and outbound. Test with:
Test TLS, see ‘SSLVersion in use’:
TLS 1.0 if enabled:
The server has TLS 1.0 enabled. Since the 30th of June 2018 it is non-compliant with PCI DSS 3.2.1.
TLS 1.1 if missing:
The support of TLS 1.1 is mandatory according to HIPAA guidance

In articles:

In control panels:

In Mail Transfer Agents (MTA):

– The PHP Swift Mailer library was fixed in July 2018 for TLS 1.1 and TLS 1.2. Or PHP 7.2 can stream above TLS 1.0;
– Feedback for GFI to the Kerio Connect mail server product to have a clearer diagnosis of TLS version preference, especially that TLS 1.2 is default not offered for outbound email;
– How to fine-tune ciphers and TLS, see:
– For CentOS 8 End of life changed to 2021-12-31.
AlmaLinux based on Red Hat, is the alternative with a few conversion statements: