"Testcase" (less than full cert setup):
$ apt install apache2
$ a2enmod ssl
$ vim /etc/apache2/mods-enabled/ssl.conf:
Change protocols to:
SSLProtocol all -SSLv3 +TLSv1.2 TLSv1.3
For an SRU we might want more, but that is enough to check if a given apache already has TLSv1.3
With that I confirmed your expectation that >=Disco is already fine in that regard.
"Testcase" (less than full cert setup): mods-enabled/ ssl.conf:
$ apt install apache2
$ a2enmod ssl
$ vim /etc/apache2/
Change protocols to:
SSLProtocol all -SSLv3 +TLSv1.2 TLSv1.3
For an SRU we might want more, but that is enough to check if a given apache already has TLSv1.3
With that I confirmed your expectation that >=Disco is already fine in that regard.