Last month, SSL Labs has changed their gradings. The Hiawatha website score changed from A+ to A. According to the grading guide, an A+ is give to servers with 'good configuration, no warnings, and HTTP Strict Transport Security support with a max-age of at least 6 months'. When I removed the support for TLS v1.1, the A+ was rewarded again.
Since all browsers have TLS v1.2 support and the Network Working Group is working on TLS v1.3, it's time to let go of TLS v1.1 and earlier versions. The next version of Hiawatha will by default only accept TLS v1.2. Of course, that can be changed via the MinTLSversion option.
It turned out that mbed TLS contains a bug. There is a patch available, but it's not finished yet. It works fine at my server, though. The default value of the MinTLSversion for the next Hiawatha release will remain at TLSv1.1.