- Type: Task
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: None

Server Security
TLSVersionCounts is a decoration on ServiceContext. This means that it is not possible to record version counts negotiated through different Service roles. We should migrate the object to Service.
This will be complicated by the lifetime and ownership semantics of the objects in question. SSLManagerOpenSSL records the TLS version of a negotiated protocol in parseAndValidatePeerCertificate by calling recordTLSVersion. This function does not accept a ServiceContext, Client, or OperationContext. Instead, recordTLSVersion acquires TLSVersionCounts off the global service context. SSLManagerOpenSSL is owned by the SSLManagerCoordinator, which is itself a global singleton and not a decoration.
Somehow, we would need the transport layer to pass a Service to parseAndValidatePeerCertificate, which would be used to acquire the TLSVersionCounts.
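The difference between the two shapes, as an added sketch that is not MongoDB's code: a simplified model in which one ServiceContext holds two Services. The struct layouts, the Role and TLSVersion enums, and the recordTLSVersionGlobal name are assumptions made for illustration; only the class and function names quoted in the ticket come from the page.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Simplified stand-ins (assumed shapes), not MongoDB's real classes.
enum class TLSVersion : std::size_t { kTLS12, kTLS13, kCount };
enum class Role : std::size_t { kShard, kRouter, kCount };  // hypothetical role names

struct TLSVersionCounts {
    std::array<std::uint64_t, static_cast<std::size_t>(TLSVersion::kCount)> n{};
    void record(TLSVersion v) { ++n[static_cast<std::size_t>(v)]; }
    std::uint64_t get(TLSVersion v) const { return n[static_cast<std::size_t>(v)]; }
};

struct Service {
    Role role;
    TLSVersionCounts tlsCounts;  // proposed home: one counter set per Service
};

struct ServiceContext {
    TLSVersionCounts tlsCounts;  // current home: one counter set per process
    std::array<Service, 2> services{{{Role::kShard, {}}, {Role::kRouter, {}}}};
    Service& service(Role r) { return services[static_cast<std::size_t>(r)]; }
};

ServiceContext& getGlobalServiceContext() {
    static ServiceContext ctx;
    return ctx;
}

// Current shape: no context argument, so the count can only go to the
// global ServiceContext and the role of the connection is lost.
void recordTLSVersionGlobal(TLSVersion v) {
    getGlobalServiceContext().tlsCounts.record(v);
}

// Proposed shape: the caller passes the Service the connection belongs to.
void recordTLSVersion(Service& svc, TLSVersion v) { svc.tlsCounts.record(v); }

int main() {
    ServiceContext& ctx = getGlobalServiceContext();
    recordTLSVersionGlobal(TLSVersion::kTLS12);  // which role negotiated this? unknown
    recordTLSVersion(ctx.service(Role::kRouter), TLSVersion::kTLS13);
    recordTLSVersion(ctx.service(Role::kShard), TLSVersion::kTLS12);
    std::printf("global TLS1.2=%llu router TLS1.3=%llu shard TLS1.2=%llu\n",
                (unsigned long long)ctx.tlsCounts.get(TLSVersion::kTLS12),
                (unsigned long long)ctx.service(Role::kRouter).tlsCounts.get(TLSVersion::kTLS13),
                (unsigned long long)ctx.service(Role::kShard).tlsCounts.get(TLSVersion::kTLS12));
    return 0;
}
```

With per-Service counters, an operator checking whether an older TLS version is still being negotiated can tell which role is receiving those connections.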