OpenSSL 1.1.1 adds protocol version TLSv1_3. The current config interface has no way to enable or disable that version. This was predicted in
The ssl self test tests the customer interface nicely but does not test that the requested TLS versions used by the domain are enforced or not. Qpid-dispatch has a self test that exercises actual connections https://github.com/apache/qpid-dispatch/blob/master/tests/system_tests_ssl.py and it is failing with OpenSSL v1.1.1.