When we made the minor_ver and major_ver fields of ssl_context private in 3.0, this prevented applications from checking the negotiated version. (There is mbedtls_ssl_get_version() but it returns a string, so is less suitable for programmatic use.)
We should introduce a convenient way for applications to check the negotiated version.
I don't think we should make the fields public again, because in the future we may want to remove major_ver (it's always 3) and we may also want to remove minor_ver in builds that only support one version of TLS, in order to save code size and RAM. So instead we should have a getter function.
It is unclear if it's preferable for this function to return something similar to the existing major_ver and minor_ver or something from a new enum. A big drawback of the existing fields is they're uselessly exposing the on-the-wire format, which is confusing as minor_ver is off-by-one (it's 3 for TLS 1.2 and 4 for TLS 1.3). An enum with aptly-named constants would be cleaner, but might be more of a migration burden for people used to the existing fields.
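The two return-value options discussed in the issue above, side by side, as an added example that is not part of the original issue or of Mbed TLS: a decoder from the on-the-wire (major, minor) pair to an enum, plus a minimum-version check that fails closed on anything unrecognized. All `ex_`/`EX_` names are hypothetical, and the sample pairs in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical enum; these names are illustrative, not Mbed TLS identifiers. */
typedef enum {
    EX_TLS_VERSION_UNKNOWN = 0,
    EX_TLS_VERSION_1_2,
    EX_TLS_VERSION_1_3
} ex_tls_version_t;

/* Decode the wire-format pair. Per the issue: major is always 3,
 * minor is 3 for TLS 1.2 and 4 for TLS 1.3 (the off-by-one). */
ex_tls_version_t ex_tls_version_from_wire(uint8_t major, uint8_t minor)
{
    if (major != 3)
        return EX_TLS_VERSION_UNKNOWN;
    switch (minor) {
    case 3:  return EX_TLS_VERSION_1_2;
    case 4:  return EX_TLS_VERSION_1_3;
    default: return EX_TLS_VERSION_UNKNOWN;
    }
}

/* Policy check an application would run after the handshake.
 * Unknown values never satisfy the policy (fail closed). */
int ex_tls_version_at_least(ex_tls_version_t negotiated, ex_tls_version_t minimum)
{
    if (negotiated == EX_TLS_VERSION_UNKNOWN || minimum == EX_TLS_VERSION_UNKNOWN)
        return 0;
    return negotiated >= minimum;
}

int main(void)
{
    /* Constructed sample (major, minor) pairs. */
    const uint8_t samples[][2] = { {3, 3}, {3, 4}, {3, 2}, {2, 4} };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        ex_tls_version_t v = ex_tls_version_from_wire(samples[i][0], samples[i][1]);
        printf("wire %u.%u -> enum %d, meets TLS 1.3 minimum: %d\n",
               (unsigned) samples[i][0], (unsigned) samples[i][1], (int) v,
               ex_tls_version_at_least(v, EX_TLS_VERSION_1_3));
    }
    return 0;
}
```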