I think in 4.6.1 (maybe 4.6), the default was set to TLS1.2 as well, so the problem was mostly solved a bit earlier. Much cleaner solution to listen to the OS though.