Sorry, I didn't mean to suggest we should abandon the change/bug, as not all distros have crypto policy support systemwide.
Rather, that we should
1. make sure the out of the box behaviour is to honour openssl defaults
2. provide a nova.conf setting for the protocol version, which allows an ordered list of versions to be set by the admin. eg might set something like vnc_tls_protocol = [ "tls1.3", "tls1.2"]
Sorry, I didn't mean to suggest we should abandon the change/bug, as not all distros have crypto policy support systemwide.
Rather, that we should
1. make sure the out of the box behaviour is to honour openssl defaults
2. provide a nova.conf setting for the protocol version, which allows an ordered list of versions to be set by the admin. eg might set something like vnc_tls_protocol = [ "tls1.3", "tls1.2"]