Implement David's suggestions.

src/core/tsi/ssl_transport_security.cc

@@ -915,25 +915,39 @@ static tsi_result tsi_set_min_and_max_tls_versions(
   // |SSL_CTX_set_min_proto_version| and |SSL_CTX_set_max_proto_version| APIs
   // only exist in this version range.
   switch (min_tls_version) {
+    case tsi_tls_version::TSI_TLS1_2:
+      SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
+      break;
 #if defined(TLS1_3_VERSION)
+    // If the library does not support TLS 1.3 and the caller requests a minimum
+    // of TLS 1.3, then return an error because the caller's request cannot be
+    // satisfied.
     case tsi_tls_version::TSI_TLS1_3:
       SSL_CTX_set_min_proto_version(ssl_context, TLS1_3_VERSION);
       break;
 #endif
     default:
-      SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
-      break;
+      gpr_log(GPR_INFO, "TLS version is not supported.");
+      return TSI_FAILED_PRECONDITION;
   }
+
   // Set the max TLS version of the SSL context.
   switch (max_tls_version) {
-#if defined(TLS1_3_VERSION)
+    case tsi_tls_version::TSI_TLS1_2:
+      SSL_CTX_set_max_proto_version(ssl_context, TLS1_2_VERSION);
+      break;
     case tsi_tls_version::TSI_TLS1_3:
+#if defined(TLS1_3_VERSION)
       SSL_CTX_set_max_proto_version(ssl_context, TLS1_3_VERSION);
-      break;
-#endif
-    default:
+#else
+      // If the libraary does not support TLS 1.3, then set the max TLS version
+      // to TLS 1.2 instead.
       SSL_CTX_set_max_proto_version(ssl_context, TLS1_2_VERSION);
+#endif
       break;
+    default:
+      gpr_log(GPR_INFO, "TLS version is not supported.");
+      return TSI_FAILED_PRECONDITION;
   }
 #endif
   return TSI_OK;