Comment by brookst

In addition, there are TLS downgrade attacks that can trick a client into using SSL or a less secure cipher suite. Clients (and servers) can also prevent this, but it’s the classic long tail of vulns where it may mean blocking older clients, which might include third parties or abandoned automation.