disable TLS 1.0 and 1.1
ssllabs now gives bad grades for servers that even offer TLS 1.0 and 1.1. Modern browsers deprecated TLS 1.0 or 1.1.
Re support see also:
- https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption
- https://caniuse.com/tls1-1
- https://caniuse.com/tls1-2
And it seems 1.2 has been around quite long. I propose we stop offering TLS 1.0 and 1.1 on our webservers.