The latest PCI DSS Requirements recommend only using TLSv1.1 and above.
MariaDB does not follow these recommendations. It looks like MariaDB can still use SSLv3 and TLSv1.0 if the server is linked with yaSSL, and MariaDB still use TLSv1.0 if the server is linked with OpenSSL.
Should we disable support for SSLv3 and TLSv1.0?
yaSSL only supports up to TLSv1.1, so we would probably need to replace yaSSL before we can do this. See
MDEV-18531 about that.
If we make this change, then we should also update the documentation: