Today, you may specify 'TLSHandshakeTimeShift' in the cluster configuration of the orderer to work around expired TLS certificates to allow the orderer to restart with quorum even when TLS certificates have expired.
However, this config variable only applies when there is a separate cluster port listener involved. When the cluster port is shared with the standard orderer port, this option is ignored.
This story is to expose a similar config option for the general TLS options of the orderer, to be applied to the standard orderer TLS listener. In the event that a separate cluster port is utilized, then the setting in the cluster settings should take precedence.