Comment 1 for bug 2048520

Dmitry Tantsur (divius) wrote :

> With the current dependency chain there is no possibility to use TLS 1.3 with IPA

I don't believe this statement is actually true?

$ curl -kvI https://192.168.122.164:9999 2>&1 | grep 'connection using'
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

$ openssl s_client -connect 192.168.122.164:9999 -tls1_3 -brief
Can't use SSL_get_servername
depth=0 CN = box
verify error:num=18:self-signed certificate
depth=0 CN = box
verify error:num=10:certificate has expired
notAfter=Aug 11 09:58:25 2023 GMT
notAfter=Aug 11 09:58:25 2023 GMT
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = box
Hash used: SHA256
Signature type: ECDSA
Verification error: certificate has expired
Server Temp Key: X25519, 253 bits

I think what we discovered is that you cannot limit IPA to *only* support 1.3 because of Python (not only oslo.service) limitations.
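The same client-side probe as the curl and openssl commands above, written as an added Python example (not code from the comment or from IPA): it handshakes with a minimum protocol version and reports what was negotiated, and it parses the `openssl s_client -brief` summary into a dict; the sample output embedded below is constructed, not captured from a real server.

```python
import socket
import ssl

# Constructed sample in the shape of `openssl s_client -brief` output.
SAMPLE_BRIEF = """\
depth=0 CN = box
verify error:num=18:self-signed certificate
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = box
Hash used: SHA256
Signature type: ECDSA
Verification error: certificate has expired
Server Temp Key: X25519, 253 bits
"""


def parse_s_client_brief(text):
    """Return the key/value summary printed after CONNECTION ESTABLISHED,
    or an empty dict if the handshake never completed."""
    summary = {}
    established = False
    for line in text.splitlines():
        if line.strip() == "CONNECTION ESTABLISHED":
            established = True
            continue
        if established and ": " in line:
            key, value = line.split(": ", 1)
            summary[key.strip()] = value.strip()
    return summary


def negotiated_tls13(summary):
    """True when the parsed summary shows a TLS 1.3 session."""
    return summary.get("Protocol version") == "TLSv1.3"


def probe_tls(host, port, minimum=ssl.TLSVersion.TLSv1_3, timeout=5.0):
    """Handshake offering only `minimum` or newer and report the result.
    Verification is disabled on purpose (like `curl -k`): this is a
    protocol probe, not a trust check, so it must not be reused as a client."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = minimum
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cipher_name, _proto, _bits = tls.cipher()
            return {"Protocol version": tls.version(), "Ciphersuite": cipher_name}
```

`probe_tls("192.168.122.164", 9999)` raises `ssl.SSLError` instead of returning if the server cannot negotiate TLS 1.3, which is the quickest way to confirm the behaviour observed above.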