Hey @tristan43
Your configuration seems to be correct. I've just applied that to one of my test environments and run SSLtest using sslabs.com against that. The results are the following:
TLS 1.3 Yes
TLS 1.2 Yes*
TLS 1.1 No
TLS 1.0 No*
SSL 3 No
SSL 2 No
I also used curl for testing the website. I forced the specific TLS version by adding the parameter to curl:
curl --tlsv1.1 --tls-max 1.1 ...
and I received the error message as it was expected.
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
Can you please try to use curl with the specific TLS version?
I am not familiar with the tool (sslscan) you are using. However, your configuration seems to be correct.
Thank you,