is there a ways to force a minimum allowed TLS version?
EDIT: I saw there's the choise on the upstream, but I didn't see in the frontend server
The frontends are hardcoded to 1.1-1.3 (1.1 is only for compatibility) but 1.3 is currently not available because the TLS library is outdated.
Imho this is a sane setting or do you want to get rid of 1.1 (which will probably cause problems with for example older Java versions, older Android devices, ...)?
It may be available with 20.1 but that's not under my control.
See https://github.com/opnsense/plugins/issues/790 for the ticket tracking the issue for HAProxy and nginx (we both suffer the same issue).
thanks Fabian, I am fine with 1.1, I am glad 1.0 is not supported by default :)