Re: TLS 1.3
"It's quite a graceful change, all told. I'd expect the optional features to follow in later releases across the next six or so months."
That's great, but the big question now is how long until that version of OpenSSL filters down to enterprise grade distributions (who do not just run latest version of OpenSSL)
Hopefully Redhat backport the changes which add TLS 1.3 to RHEL 7, if not I'll have to wait for RHEL 8 :-).
But knowing Redhat they probably will, they added forward secrecy to RHEL 6 later in its life during a point release, so maybe they'll do the same with TLS 1.3 for RHEL 7.
Either way, as soon as it lands it is being configured and set up :-).