TLS 1.0 and 1.1 are now disabled upstream (see tor-browser#11154), but TLS 1.2 contains ciphers suites using SHA-1 (`_SHA`). We can think about disabling those due the known weakness of SHA-1.