Comment 10 for bug 1917625

> Could you hook up the check to SSL_CTX_set_min_proto_version() and return an error code when level and security policy don't match? It's a modern setter, so it can return 0 on error.

That is interesting proposal.

However, need to be careful as to potentially not break configs, i.e. if they specify min_protocol_level first, then lower the security level.