TLS version history: SSL 3.0 (broken), TLS 1.0/1.1 (deprecated 2020), TLS 1.2 (widely used, acceptable), TLS 1.3 (current standard — mandatory forward secrecy, fewer cipher suites, faster).
Disable TLS 1.0 and 1.1 on all servers — both are deprecated by RFC 8996 (2021). PCI DSS 4.0 requires TLS 1.2+ minimum. TLS 1.3 is strictly better: only strong cipher suites, always forward secrecy, faster handshake. Configure servers to prefer TLS 1.3.