Bugfix (introduced: Postfix 3.5.5): part of a memory leak
fix was backported to the wrong place. File: tls/tls_misc.c.

The Postfix 3.5.5 workaround did not explicitly override
the system-wide OpenSSL configuration of allowed TLS protocol
versions, for sessions where the remote SMTP client sends
SNI. It's better to be safe than sorry. File: tls/tls_server.c.