We are in the process of disabling TLS1.0 and 1.1 on our servers. We fixed an external site, scanned, and were happy to get an A score. Our developers needed to test a webservice that resides on the site with a client that only supports TLS1.0, so we reverted the change, allowed TLS1.0 connections... and got an A score when we re-ran the scan. PCI gives a fails allowing a TLS1.0 connection. Why does the server still show an A? (We cleared the cache when we re-ran the scan).