These libraries doing the crypto, often managed by the OS, are upgrading the TLS protocol and ciphers on the fly with most applications having no awareness of what's going on.
I would argue the opposite. openSSL is such a can of worms at this point that if you suggested this sort of magic thinking in a design meeting, you'd have a fight on your hands and I wouldn't be the only person arguing with you.
These libraries doing the crypto, often managed by the OS, are upgrading the TLS protocol and ciphers on the fly with most applications having no awareness of what's going on.