You need to use server.ssl.supported_protocols.
I have this on mine:
server.ssl.supported_protocols: ["TLSv1.2", "TLSv1.3"]
server.ssl.cipher_suites: [ "ECDHE-RSA-AES-128-GCM-SHA256", "ECDHE-RSA-AES-256-GCM-SHA384", "ECDHE-RSA-AES-128-CBC-SHA", "ECDHE-RSA-AES-256-CBC-SHA", "RSA-AES-128-GCM-SHA256", "RSA-AES-256-GCM-SHA384", "RSA-AES-128-CBC-SHA", "RSA-AES-256-CBC-SHA" ]