TLSv1 has been deprecated for some time now and is disabled in Sympl for web traffic, but it’s come time to disable it in for Mail (incoming and outgoing) and FTP traffic.
The next update to Sympl (currently on the testing branch) disables TLSv1, forcing clients to use TLSv1.1 or higher for mail connections, and FTP connections on Buster.
This is also a step on the course to making Sympl PCI Compliant by default, or at the very least, making it as easy as possible.
Unfortunately, FTP on Stretch uses the default (older) version of Pure-FTPd, which is limited to only using TLSv1, so users looking for PCI Compliance there should disable/firewall/remove the FTP service.
Longer-term, I plan to replace the basic FTP setup for Sympl with a jailed SFTP configuration, which provides the same functionality in more situations, including using IPv6-only reverse proxys.