Setting TLS 1.3 as minumum TLS version yields a penalty for not supporting TLS 1.2
rmjansen opened this issue · comments
rmjansen commented
Scanning a site with TLS 1.3 as the minimum required version results in an A. Lowering the minimum required TLS version to 1.2 (with no other changes applied) results in an A+ for the same site. This suggests that the penalty for using outdated TLS versions and not supporting TLS 1.2 is also applied to sites that use TLS 1.3 but not support TLS 1.2.