Security
   * When negotiating TLS version on server side, do not fall back to the
     TLS 1.2 implementation of the protocol if it is disabled.
     - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
       client could put the TLS 1.3-only server in an infinite loop processing
       a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
       Matthias Mucha and Thomas Blattmann, SICK AG.
     - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
       was able to successfully establish a TLS 1.2 connection with the server.
       Reported by alluettiv on GitHub.
    Fixes CVE-2024-28836.