crypto: don't disable TLS 1.3 without suites

In the manual page, there is a stement that ciphersuites contain
explicit default settings - all TLS 1.3 ciphersuites are available.
In node, we assume that an empty setting mean no ciphersuites and
we disable TLS 1.3. A correct approach to disabling TLS 1.3 is to
disable TLS 1.3 and by not override the default ciphersuits
with an empty string.

So, only override OpenSSL's TLS 1.3 ciphersuites with an explicit
list of ciphers. If none are acceptible, the correct approach is
to disable TLS 1.3 instead elsewhere.

Fixes: #43419

Author: AdamMajer

lib/internal/tls/secure-context.js

@@ -225,15 +225,10 @@ function configSecureContext(context, options = kEmptyObject, name = 'options')
     cipherSuites,
   } = processCiphers(ciphers, `${name}.ciphers`);
 
-  context.setCipherSuites(cipherSuites);
+  if (cipherSuites !== '')
+    context.setCipherSuites(cipherSuites);
   context.setCiphers(cipherList);
 
-  if (cipherSuites === '' &&
-      context.getMaxProto() > TLS1_2_VERSION &&
-      context.getMinProto() < TLS1_3_VERSION) {
-    context.setMaxProto(TLS1_2_VERSION);
-  }
-
   if (cipherList === '' &&
       context.getMinProto() < TLS1_3_VERSION &&
       context.getMaxProto() > TLS1_2_VERSION) {