We started receiving reports from customers of F grades when using the SSL Server Test and we can intermittently reproduce on our own site (https://www.ssllabs.com/ssltest/analyze.html?d=pantheon.io)
We reached out to our partner that provides TLS termination and they responded:
> Most likely this is a grade because of zombie poodle. Our TLS terminators run openssl-1.1.0 and openssl-1.1.1, and neither is vulnerable to zombie poodle.
Can you confirm that this is a false positive on your end or is there anything we can do (e.g. disable certain ciphers) to fix on our side?