pfSense

While there are no known weaknesses in TLSv1.0 as we have it configured, it's increasingly triggering "vulnerability" reports from vulnerability scanners, and disabling it isn't going to cause significant compatibility issues at this point. IE versions prior to 11 are the only significant thing it will break, and those versions of IE have been unsupported since January. Our default TLS config hasn't worked in IE versions earlier than 10 in about a year anyway.

Leaving enabled for captive portal for now, as that's still likely to encounter a variety of old, unsupported browsers that are outside the admin's control.