disable TLS 1.0 and 1.1
ssllabs now gives bad grades for servers that even offer TLS 1.0 and 1.1. Modern browsers deprecated TLS 1.0 or 1.1.
Re support see also:
And it seems 1.2 has been around quite long. I propose we stop offering TLS 1.0 and 1.1 on our webservers.