It's time for TLS 1.0 and 1.1 to die (die, die)

BinkyTheMagicPaperclip Silver badge

Needing TLS 1.0 is not a surprise

Modern OSes aren't the problem, embedded kit is. There's a variety of embedded kit that supports either HTTP or TLS 1.0, and it isn't getting updated beyond that point.

It's all very well to say 'update to TLS 1.4', but when the response is 'where's 300 grand for new hardware and installation', even the more security conscious firms aren't likely to bite if the data involved aren't particularly sensitive. Then, beyond the 300 grand it turns out the new secure hardware isn't compatible with the old, so it needs work on both the client and server end, so add another ten grand plus by the time development and testing are complete.

What TLS endpoint vendors should really be doing is selective endpoint validation. So the majority of TLS clients go to the normal site and stay nice and secure. The few expensive holdouts only browse to www.mysite.com/URLUsedOnlyByExpensiveEmbeddedKit and are secured there.

Alternatively there's running the endpoint in HTTP and having a load balancer/TLS offloader that does selective permitting of TLS 1.0 as mentioned.
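One way to build the "load balancer/TLS offloader that does selective permitting of TLS 1.0" described in the comment above, as an added example that is not part of the original post or of The Register: an nginx TLS terminator in front of a plain-HTTP backend, with TLS 1.0 enabled only on a separate legacy endpoint and only for the one path the embedded kit uses. Hostnames (www.mysite.com, legacy.mysite.com), the 192.0.2.x addresses, the backend port, certificate paths and the URL are all assumed. It differs from the comment's sketch in one respect a practitioner needs to know: the TLS version is negotiated before the server ever sees the HTTP request line, so a path under www.mysite.com cannot by itself be the thing that permits TLS 1.0; the selection has to happen on something visible during the handshake (SNI hostname, or the IP address/port the client connected to), and the path restriction is then applied inside that legacy server block.

```nginx
# Added example (not from the original post): nginx as TLS offloader with
# TLS 1.0 confined to a dedicated legacy endpoint. All names/addresses assumed.

http {
    # Plain-HTTP backend (assumed) that both endpoints proxy to.
    upstream backend {
        server 127.0.0.1:8080;
    }

    # Main site: modern clients only. Dedicated address so the legacy
    # block below can be selected by address even if the old kit sends no SNI.
    server {
        listen 192.0.2.10:443 ssl;
        server_name www.mysite.com;

        ssl_certificate     /etc/nginx/certs/mysite.crt;
        ssl_certificate_key /etc/nginx/certs/mysite.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header Host $host;
            proxy_pass http://backend;
        }
    }

    # Legacy endpoint for the embedded kit: separate hostname AND address,
    # because the protocol version is chosen before nginx sees the URL.
    server {
        listen 192.0.2.11:443 ssl;
        server_name legacy.mysite.com;

        ssl_certificate     /etc/nginx/certs/legacy.crt;
        ssl_certificate_key /etc/nginx/certs/legacy.key;
        ssl_protocols       TLSv1 TLSv1.2;
        # OpenSSL 3.x refuses TLS 1.0 at its default security level; SECLEVEL=0
        # re-enables it. The nginx build's OpenSSL must still include TLS 1.0.
        ssl_ciphers         'ECDHE-RSA-AES128-SHA:AES128-SHA:@SECLEVEL=0';

        # Only the single path the embedded kit uses is proxied; everything
        # else on the weak endpoint is refused.
        location = /URLUsedOnlyByExpensiveEmbeddedKit {
            proxy_set_header Host $host;
            proxy_pass http://backend;
        }
        location / {
            return 404;
        }
    }
}
```

To check the split after deploying, `openssl s_client -connect www.mysite.com:443 -tls1` should fail the handshake while the same command against legacy.mysite.com:443 should succeed; run the reverse with `-tls1_2` to confirm both still serve modern clients. The legacy block still carries the known TLS 1.0 weaknesses, so keep it on its own certificate and address, keep only the one path there, and don't let anything sensitive be reachable through it.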
