WAF - TLS 1.2 support
The WAF should support the latest version of TLS, and be secure against BEAST and CRIME exploits.
Any changes to the WAF will re-enable weak TLS which causes websites behind WAF to fail PCI scans. Only workaround is to modify the Apache config file directly until it breaks again.
My experience indicates that this was implemented quite a while ago. You could take back your votes.