Disable TLS below 1.2 by default

This bug was fixed in the package nss - 2:3.48-1ubuntu1

---------------
nss (2:3.48-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/libnss3.links: make freebl3 available as library (LP #1744328)
    - d/control: add dh-exec to Build-Depends
    - d/rules: make mkdir tolerate debian/tmp existing (due to dh-exec)
    - Disable reading fips_enabled flag in FIPS mode. libnss is
      not a FIPS certified library. (LP #1837734)
  * Set TLSv1.2 as minimum TLS version. LP: #1856428

nss (2:3.48-1) unstable; urgency=medium

  * New upstream release. Closes: #947131.
  * debian/control: Bump nspr build dependency to 4.24.
  * nss/lib/freebl/Makefile: Disable hardware AES on ARM softfloat to fix
    FTBFS on armel. Closes: #947246.

nss (2:3.47.1-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2019-11745.

 -- Ubuntu Merge-o-Matic <email address hidden> Sun, 29 Dec 2019 03:43:36 +0000

For anyone who finds this bug, and wonders about the "Users can override this behaviour with a config file" part, here's what I did to get an OpenSSL-using application to talk to an old server that only supported TLSv1 (in my case, an old Mumble server):

1. create an "openssl.cnf" file somewhere with the following contents:

    openssl_conf = openssl_init

    [openssl_init]
    ssl_conf = ssl_sect

    [ssl_sect]
    system_default = system_default_sect

    [system_default_sect]
    CipherString = DEFAULT@SECLEVEL=1

2. set the OPENSSL_CONF environment variable to this file's path when running the application.

I wouldn't recommend making the change to the global /etc/ssl/openssl.cnf, or setting $OPENSSL_CONF for situations where it isn't needed, since this does reduce the default security.