
Answer by cnst for TLS 1.0 and TLS 1.1 removal for Stack Exchange services

This is a pretty bad idea, following a trend that's based on common misunderstandings of how protocols work, and undermining the value of robustness and interoperability (also known as Postel's law).

  • Browser vendors have announced that they'll be deprecating support for TLSv1.0 and TLSv1.1 in 2020. It is often cited that TLSv1.0 is removed in order to avoid downgrade attacks. But if supported browsers don't support anything below TLSv1.2, then there's nothing for them to downgrade to, so, there doesn't seem to be a good reason to remove support on the websites as well.

  • This change means that it will no longer be possible to view your properties from older iPad, iPhone, Android and webOS devices, for little good reason. Keep in mind, these are devices that have gigabytes of storage and hundreds of megabytes of memory each; these are not some outdated devices that don't have the processing power to do common tasks, these are very powerful devices that simply have been abandoned by their vendors. This will result in effective link rot on a rather large scale (search results from Google will no longer work), and will widen the digital gap between people who don't have the resources to buy the latest tablets, phones and other gadgets. You're effectively doing the brokering for planned obsolescence on behalf of Apple and other vendors, contributing to global warming by deprecating very powerful devices, each with gigabytes of storage and megabytes of RAM, which are still perfectly capable of performing complex computing tasks.

  • SSL Labs rating is a B. Only a third of 0.6% of visitors require TLSv1.0. You're basically telling us that you'd rather have a better rating on a meaningless scale by completely denying access to your website to a few million actual, real users. Is this for real? Is this what our industry has become?

Please consider doing the following instead:

  • Bring back full HTTP access. With an HSTS policy in place, none of the supported browsers will ever notice that HTTP support is even available. With HSTS (which is already in place on Stack Overflow), all http:// links are treated as https://, so there's no effective difference for any supported browser, but the older devices that may not have recent https support could still view the site. (For new visitors, all you have to do is embed an invisible pixel from your HTTPS site in the HTTP one, which will automatically install the HSTS policy, and no further requests will be made over HTTP; this is trivial to accomplish, and should seamlessly support both legacy and modern browsers.)

  • Do not disable TLSv1.0 (and no one cares for TLSv1.1 either way, as there's hardly anything that supports TLSv1.1 without also supporting TLSv1.2). Even if HTTP access is available, browsers that don't support TLSv1.2 would not be able to follow the existing https:// links due to lack of TLSv1.2 support, resulting in link rot. (If there's a worry about certificate compromise with serving TLSv1.0, it's rather trivial to divert TLSv1.0 and TLSv1.2 traffic to distinct servers that each have distinct certificates, serving distinct content, without TLSv1.2-only clients being affected in any negative way; if TLSv1.0 is somehow deemed to be so insecure as to be worse than straight HTTP, then it's also an option to redirect back from HTTPS to HTTP for such old TLSv1.0-only clients in order to not contribute to link rot.)
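The HSTS behaviour this answer leans on (a policy learned from one https:// response makes the browser rewrite every later http:// link to https://) is modelled below as a small policy store, so you can check what the "invisible pixel" proposal actually does. This is an added example written for this page, not code from the answer or from Stack Exchange. The hostnames, response headers and the injectable clock are constructed for illustration, and the store is a deliberate simplification of a real browser: no preload list, no persistence across restarts, and no handling of certificate errors.

```python
"""Minimal model of a browser's HSTS policy cache (RFC 6797).

Added example for this page; not code from the answer or from Stack Exchange.
All hostnames and headers below are constructed.
"""
import re
import time
from urllib.parse import urlsplit, urlunsplit

# One directive: name, optionally "=" and a (possibly quoted) value.
_DIRECTIVE_RE = re.compile(r'\s*([A-Za-z-]+)\s*(?:=\s*("?)([^";]*)\2)?\s*')


def parse_hsts(header):
    """Parse a Strict-Transport-Security value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    must be ignored: no max-age, a non-numeric max-age, or a directive given
    twice (RFC 6797 section 6.1). Unknown directives are skipped.
    """
    seen = set()
    max_age = None
    include_sub = False
    for part in header.split(';'):
        if not part.strip():
            continue
        m = _DIRECTIVE_RE.fullmatch(part)
        if m is None:
            return None
        name = m.group(1).lower()
        if name in seen:
            return None
        seen.add(name)
        if name == 'max-age':
            value = m.group(3)
            if value is None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == 'includesubdomains':
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    """Known HSTS hosts, keyed by hostname, with expiry and subdomain flag."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._hosts = {}         # host -> (expires_at, include_subdomains)

    def observe_response(self, url, headers):
        """Learn a policy from a response; returns True if the store changed.

        Only https:// responses count (RFC 6797 section 8.1), which is why
        the pixel on the plain-HTTP page must itself be fetched over https://.
        """
        parts = urlsplit(url)
        if parts.scheme != 'https':
            return False
        value = headers.get('Strict-Transport-Security')
        if value is None:
            return False
        parsed = parse_hsts(value)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = parts.hostname.lower()
        if max_age == 0:
            return self._hosts.pop(host, None) is not None   # max-age=0 revokes
        self._hosts[host] = (self._now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split('.')
        now = self._now()
        for i in range(len(labels)):
            entry = self._hosts.get('.'.join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= now:
                continue             # expired; a real browser would purge it
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Return the URL the browser would actually fetch for a given link."""
        parts = urlsplit(url)
        if parts.scheme != 'http' or not self.is_known(parts.hostname):
            return url
        # RFC 6797 section 8.3: port 80 (explicit or implied) becomes 443,
        # which is https's default; any other explicit port is preserved.
        host = parts.hostname
        netloc = host if parts.port in (None, 80) else f'{host}:{parts.port}'
        return urlunsplit(('https', netloc, parts.path, parts.query, parts.fragment))


def pixel_walkthrough(pixel_header='max-age=3600; includeSubDomains'):
    """Replay the proposal: a plain-HTTP page whose pixel is served over https.

    Returns the URL 'http://example.com/questions/1' maps to before and after
    the pixel response, and after the policy expires. Constructed scenario.
    """
    clock = [1_000.0]
    store = HstsStore(now=lambda: clock[0])
    link = 'http://example.com/questions/1'
    before = store.rewrite(link)
    store.observe_response('https://example.com/pixel.gif',
                           {'Strict-Transport-Security': pixel_header})
    after = store.rewrite(link)
    clock[0] += 3601
    expired = store.rewrite(link)
    return before, after, expired
```

Two things the model makes visible that the proposal glosses over: the policy only sticks for as long as max-age says, so the pixel (or the real site) has to keep re-sending the header, and a client that never fetches anything over https:// never learns the policy at all, so the plain-HTTP page is what such a client will keep seeing.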

