Fair, yes, I certainly agree that regulation needs to be a key part of this. In one case I was aware of, simply being able to rebuild an Android image after setting the flag to enable TLS >1.0 would’ve added years to the service life of some expensive hardware.