I am wondering why TLS1.0 is still acceptable? I am seeing site that are rated an A+ with TLS1.0 active. Even your own site states "TLS1.2" is the only secure protocol. May sites us opportunistic TLS, which allows fallback to TLS1.0.
NIST, PCI-DSS have definitely deprecated TLS1.0. Microsoft is throughout this year, and a laundry list of other industry leaders are as well.
Shouldn't it at least be a warning, or a B rating if TLS1.0 is an option?
Not an accusation - just a question as no one accepts this for PCI or HIPAA/government secret data any longer. OCR(Office of Civil Rights)
I am curious on this as well, the policy I am working on is going to mandate TLS 1.1+ is only acceptable TLS 1.0 is not and if I see TLS 1.1 it will be a warning. Moving from TLS 1.0 to TLS 1.2 has been difficult with some applications but TLS 1.1 to TLS 1.2 in general has not had those challenges.