Hi,
From 6.6.x version , default TLSv1 will be in disabel state, whether to use this version or not is all depend on cusotmer.
If you have any legacy devices, it will use TLSv1 during authentication negotation it is device specific. We need to allow TLSv1 in CPPM for authentication to work , if deivces looking for TLSv1.
Regards,
Pavan