I ask this due to my current provider’s refusal to directly address the attacks v CBC ciphers in TLSv1.2. While I understand that the attacks are ineffective against TLSv1.3, completely disabling use of TLSv1.2 is unfortunately not a reasonable option within today’s network ecosphere. Thank-you all for your your time.
Well, look at this: the relevant part of most recent scan of a site I’ve got served via GitLab’s Netlify integration:
And the most recent of a site hosted with (y)
It is also possible to upload your own certificate. You are not required to use the one we auto-provision for a site.
to follow up on Luke’s response, the certificates we provide are all identical no matter how much you pay us 
- standard from Lets Encrypt: https://letsencrypt.org/
Thank-you for your answers. As you can see from the screenshots I’ve posted, the certs Netlify issues are not affected, whereas those issued by (y) are affected.
(Attachment publickey - admin@intr0.com - 0xCA04F762.asc is missing)
