Feature Request: Add a min_version to the TLS section api #100

Open
summercms opened this issue Jun 13, 2021 · 0 comments
Hello,

I would like to suggest an API property of `min_version` for the TLS section. A code example would look like this:

```json
{
    "ids": ["my-policy"],
    "tls": {
        "required": true,
        "certificate_transparency": {
            "disposition": "enforce",
            "report_to": "group-name"
        },
        "min_version": "1.2"
    }
}
```

The above code example would then signal to the browser to ignore TLS versions 1.0 and 1.1 and accept 1.2 and above.

TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or deprecated TLS, it is critically important that organizations upgrade to a secure alternative as soon as possible.

Various browser clients have provided approximate deadlines for disabling the TLS 1.0 and TLS 1.1 protocols:

| Browser Name | Date |
| --- | --- |
| Microsoft IE and Edge | First half of 2020 |
| Mozilla Firefox | March 2020 |
| Safari/Webkit | March 2020 |
| Google Chrome | January 2020 |

Best practices outlined in RFC 7525 give reasons why using the TLS 1.0 and TLS 1.1 protocols is discouraged. PCI-DSS recommends that users switch from the TLS 1.0 protocol and adopt TLS 1.2+.

The following table shows, for each browser, the percentage of connections made to SSL/TLS servers using the TLS 1.0 and TLS 1.1 protocols:

| Browser/Client Name | Percentage (%) – Both TLS 1.1 and TLS 1.0 |
| --- | --- |
| Microsoft IE and Edge | 0.72% |
| Mozilla Firefox | 1.2% |
| Safari/Webkit | 0.36% |
| Google Chrome | 0.5% |
| SSL Pulse November 2018 | 5.84% |
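
A sketch of how a client could evaluate the proposed `min_version` field, added here as an example; it is not part of the issue above or of any browser's or the project's code. The function names, the list of known versions, and the fail-closed handling of unrecognized values are assumptions.

```javascript
// Hypothetical evaluator for the proposed "min_version" field (names are assumptions).

// Known TLS versions in ascending order. Comparing by index avoids the
// pitfalls of comparing version strings or floats directly.
const TLS_VERSIONS = ["1.0", "1.1", "1.2", "1.3"];

// Constructed sample input, copied from the policy shape in the request.
const SAMPLE_POLICY = JSON.stringify({
  ids: ["my-policy"],
  tls: {
    required: true,
    certificate_transparency: { disposition: "enforce", report_to: "group-name" },
    min_version: "1.2",
  },
});

// Parse a policy document and return a normalized view of its TLS section.
// An unrecognized min_version is rejected instead of ignored, so a typo
// cannot silently downgrade the policy to "any version".
function parseTlsPolicy(json) {
  const tls = JSON.parse(json).tls || {};
  const result = { required: tls.required === true, minIndex: 0 };
  if (tls.min_version !== undefined) {
    const idx = TLS_VERSIONS.indexOf(tls.min_version);
    if (typeof tls.min_version !== "string" || idx === -1) {
      throw new Error("invalid min_version: " + JSON.stringify(tls.min_version));
    }
    result.minIndex = idx;
  }
  return result;
}

// Decide whether a connection satisfies the policy.
// negotiated: TLS version string of the connection, or null for plaintext.
function connectionAllowed(tlsPolicy, negotiated) {
  if (negotiated === null) return !tlsPolicy.required; // plaintext connection
  const idx = TLS_VERSIONS.indexOf(negotiated);
  if (idx === -1) return false; // unknown or legacy protocol (e.g. SSLv3): refuse
  return idx >= tlsPolicy.minIndex;
}
```
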