doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod
index 683840a..b490c74 100644
--- a/doc/man3/SSL_CTX_set_security_level.pod
+++ b/doc/man3/SSL_CTX_set_security_level.pod
@@ -78,29 +78,28 @@
are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
cipher suites using CCM with a 64 bit authentication tag are prohibited. Note
that signatures using SHA1 and MD5 are also forbidden at this level as they
-have less than 80 security bits.
+have less than 80 security bits. Additionally, SSLv3, TLS 1.0, TLS 1.1 and
+DTLS 1.0 are all disabled at this level.
=item B<Level 2>
Security level set to 112 bits of security. As a result RSA, DSA and DH keys
shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
In addition to the level 1 exclusions any cipher suite using RC4 is also
-prohibited. SSL version 3 is also not allowed. Compression is disabled.
+prohibited. Compression is disabled.
=item B<Level 3>
Security level set to 128 bits of security. As a result RSA, DSA and DH keys
shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
In addition to the level 2 exclusions cipher suites not offering forward
-secrecy are prohibited. TLS versions below 1.1 are not permitted. Session
-tickets are disabled.
+secrecy are prohibited. Session tickets are disabled.
=item B<Level 4>
Security level set to 192 bits of security. As a result RSA, DSA and
DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are
-prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS
-versions below 1.2 are not permitted.
+prohibited. Cipher suites using SHA1 for the MAC are prohibited.
=item B<Level 5>
