Update: Please disregard the response below. It seems that the TLS 1.3 RFC does actually make it possible for the client to announce support for both TLS 1.3 and 1.2, but with a preference of TLS 1.2. We will look into this next month!
If both the client and the server announce TLS 1.3 support, the connection is going to use TLS 1.3. This is an essential part of the TLS protocol because it prevents attacks based on protocol downgrade. The only way to enforce TLS 1.2 is to disable TLS 1.3 at the client or server side.
However, if you are unable to connect with a Rebex client (configured to only allow TLS 1.2) to a Synology server (configured to allow both TLS 1.2 and 1.3), something is obviously wrong somewhere. But this should not be cause by the lack of
supported_version on Rebex ClientHello. If it was, that would indicate the server is not compliant with TLS 1.3 specification, which says:
If this extension is not present, servers which are compliant with this specification and which also support TLS 1.2 MUST negotiate TLS 1.2 or prior as specified in [RFC5246], even if ClientHello.legacyversion is 0x0304 or later. Servers MAY abort the handshake upon receiving a ClientHello with legacyversion 0x0304 or later.