deprecate TLS 1.0 and 1.1 by default
TLS 1.3 has been released, and TLS 1.2 is now ten years old. It's time to deprecate TLS 1.0 and TLS 1.1. There's also an IETF draft recommending this.
Currently, ssl_use_tlsv1
and ssl_use_tlsv1_1
still default to Yes
, let's default them to No
.