The IETF (Internet Engineering Task Force), which develops the protocols and architecture of the Internet, has published RFC 8996, officially relegating the TLS 1.0 and 1.1 protocols to the category of obsolete technologies.
The TLS 1.0 specification was published in January 1999. Seven years later, the TLS 1.1 update was released with security improvements related to the generation of initialization vectors and incremental padding. According to SSL Pulse, as of January 16, TLS 1.2 is supported by 95.2% of websites that allow secure connections, and TLS 1.3 by 14.2%. TLS 1.1 connections allow 77.4% of HTTPS sites, while TLS 1.0 allows 68%. Approximately 21% of the first 100 sites ranked by Alexa still do not use HTTPS.
The main problems of TLS 1.0 / 1.1 are the lack of support for modern ciphers (for example, ECDHE and AEAD) and the presence in the specification of a requirement to support old ciphers, the reliability of which is questioned at the present stage of development of computer technology (for example, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA support is required to check the integrity and authentication MD5 and SHA-1 are used). Support for legacy algorithms has already led to attacks such as ROBOT, DROWN, BEAST, Logjam and FREAK. However, these problems were not directly protocol vulnerabilities and were closed at the level of its implementations. There are no critical vulnerabilities in the TLS 1.0/1.1 protocols themselves that can be used to carry out practical attacks.
Source: opennet.ru