We completely disabled TLS 1.0 & 1.1 on www.bbc.co.uk, www.bbc.com & BBC Account web endpoints today.
This follows a deprecation (soft-retirement via HTML warning page) period of about a month. Usage was low - ~5-10 RPS - and mostly from crufty old bots/scripts.
This one change took our TLS rating (on SSLLabs & testssl.sh) from B to A+.
Next up:
-* *Enabling PQC &* finally* removing 3DES on our in-house CDN
- Retiring non-FS ciphers