- Bug
- Resolution: Done-Errata
- Minor
- None
- 2
- False
- False
- VERIFIED
- 2
- CNV I/U Operators Sprint 243, CNV I/U Operators Sprint 245
- Medium
- No
Description of problem:
An incorrect error message is thrown by HCO when a cipher doesn't belong to the same TLS version.
Example:
oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p '[{"op": "replace", "path": /spec/tlsSecurityProfile, "value": {custom: {minTLSVersion: "VersionTLS13", ciphers: ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256","ECDHE-RSA-AES128-SHA"]}, type: "Custom"} }]'
The request is invalid: spec.configuration.tlsConfiguration.ciphers: You cannot specify ciphers when spec.configuration.tlsConfiguration.minTLSVersion is empty or VersionTLS13
"ECDHE-RSA-AES128-SHA" belongs to TLS v1.2, and this cipher cannot be used as it conflicts with minTLSVersion, which is set to TLS 1.3.
Remove this lower cipher:
$ oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p '[{"op": "replace", "path": /spec/tlsSecurityProfile, "value": {custom: {minTLSVersion: "VersionTLS13", ciphers: ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]}, type: "Custom"} }]'
hyperconverged.hco.kubevirt.io/kubevirt-hyperconverged patched
So the error message is misleading in saying that we cannot specify ciphers; we cannot patch with lower ciphers based on minTLSVersion.
Version-Release number of selected component (if applicable):
4.14
How reproducible:
always
Steps to Reproduce:
1. Use oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p '[{"op": "replace", "path": /spec/tlsSecurityProfile, "value": {custom:
, type: "Custom"} }]'
Actual results:
Error message is misleading.
Expected results:
Additional info:
- links to RHEA-2023:116760 OpenShift Virtualization 4.15.0 Images
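As an added illustration of the kind of message the report asks for (this is not HCO or KubeVirt code, and the function names and error wording are hypothetical), the Go sketch below checks a custom profile against the TLS 1.3 suites listed in RFC 8446 and names the ciphers that conflict with minTLSVersion instead of rejecting ciphers in general.

```go
package main

import (
	"fmt"
	"strings"
)

// tls13Suites lists the cipher suites defined for TLS 1.3 (RFC 8446, Appendix B.4).
var tls13Suites = map[string]bool{
	"TLS_AES_128_GCM_SHA256":       true,
	"TLS_AES_256_GCM_SHA384":       true,
	"TLS_CHACHA20_POLY1305_SHA256": true,
	"TLS_AES_128_CCM_SHA256":       true,
	"TLS_AES_128_CCM_8_SHA256":     true,
}

// conflictingCiphers (hypothetical helper) returns the ciphers that are not
// TLS 1.3 suites when minTLSVersion is VersionTLS13. For any other minimum
// version it reports no conflict, since this sketch only covers the TLS 1.3 case.
func conflictingCiphers(minTLSVersion string, ciphers []string) []string {
	if minTLSVersion != "VersionTLS13" {
		return nil
	}
	var bad []string
	for _, c := range ciphers {
		if !tls13Suites[c] {
			bad = append(bad, c)
		}
	}
	return bad
}

// validateProfile (hypothetical) rejects the profile with a message that names
// each offending cipher; the message wording is constructed for this example.
func validateProfile(minTLSVersion string, ciphers []string) error {
	if bad := conflictingCiphers(minTLSVersion, ciphers); len(bad) > 0 {
		return fmt.Errorf("spec.tlsSecurityProfile.custom.ciphers: %s cannot be used with minTLSVersion %s; remove them or lower minTLSVersion",
			strings.Join(bad, ", "), minTLSVersion)
	}
	return nil
}

func main() {
	// The two cipher lists from the report above.
	rejected := []string{"TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", "ECDHE-RSA-AES128-SHA"}
	accepted := []string{"TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"}
	fmt.Println(validateProfile("VersionTLS13", rejected))
	fmt.Println(validateProfile("VersionTLS13", accepted))
}
```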