[hannob]

> The few good ones show what is possible

If you've read that out of the paper you read a different one. Quote:

"Our grading scale focuses on the security of the TLS handshake and does not account for the additional HTTPS validation checks present in many browsers, such as HSTS, HPKP, OneCRL/CRLSets, certificate transparency validation, and OCSP must-staple. None of the products we tested supported these features."

Read: Some products got the absolute basics right. None of the solutions did anything that can reasonably be called "good".

> I expected much higher general standards.

I didn't. I don't expect anything from security appliance vendors.