One other handy tool can be https://badssl.com/dashboard/ for doing a quick scan for surprises — this is especially useful if you're testing managed workstations and want to confirm that someone hasn't “fixed” a problem by deploying a group-policy update which breaks TLS security.
