Having used NS for over a year, I found that last week it fell-over and died - reason unknown! On a daily basis it was successfully defending against typically 2,000+ failed log-ins. Maybe one of these were eventually successful?
Anyway, having reinstalled and tested a new NS, I find this 2 minute test of my NS: https://www.ssllabs.com/ssltest/analyze.html?d=therivermersey.com . Presently, the NS achieves an overall score of “A” - which is VERY good! However, the testing system will down-rate that same set-up to “B” next month purely because NS still supports TLS 1.0 & TLS 1.1 ( https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols?_ga=2.85012249.1265987208.1576420553-952891402.1576420553 )
Could the developers consider making available a menu of check-boxes for users to selectively choose which TLS versions are available on their NS installations, please?
With that and a few other “tweaks”, it might be possible to get a NS installation to be rated “A+”!