I sometimes run a tool to check the TLS/SSL state of well known usenet servers. I post that on a website, but alas my posts with that URL get banned by moderators (because of "backdoor promoting" ... ?).

Overall statistics:

243 known newsservers, of which:

• 229 provide TSL1.3
• 14 provide TLS1.2

Nice!

But then: how good is the SSL/TLS they offer? https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide offers a guide for "SSL Server Rating Guide", and the tool testssl.sh determines that rating per server.

A reason for a lower rating is still offering TLS1.1 and TLS1, or being vulnerable to well-known attacks like POODLE or providing low ciphers.

The statistics

• 10  Overall Grade                A    
• 224  Overall Grade                B     
• 8  Overall Grade                C     
• 4  Overall Grade                F

Those B grades are caused by offering TLS1.1 and TLS1 ... so why are usenet providers still offering that? TLS1.2 was introduced in 2008 (14 years ago), and starting from Windows 7 (SP1) and OpenSSL 1.0.1 (2012) it has been supported, so I would say deprecating TLS1.1 and lower would be OK?