Following industry best practice, TLS versions prior to TLS 1.2 are no longer recommended. TLS 1.2 was released in 2008 and is over 11 years old. Whilst TLS 1.2 has aged well and is still considered secure when well configured, TLS 1.3 was designed with current best practices in mind and removes many TLS 1.2 features that are no longer considered secure. For now, a TLS 1.3 server is secure by default and cannot be configured in a way that leaves it vulnerable to well-known attacks against TLS such as SWEET32 and LogJam. TLS 1.3 supports only the following cipher suites, all of which are considered high security and all of which provide perfect forward secrecy.
Not only is TLS 1.3 more secure, it is also faster. With new features such as Zero Round Trip Time (0-RTT) and TLS False Start, servers are much quicker at bringing up a TLS 1.3 connection, often shortening the connection time by a third for initial connections and by even more on reconnecting.
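The "well configured" condition for TLS 1.2 can be checked mechanically. The following added example (not from the original page) uses Python's standard `ssl` module to audit a server context for a protocol floor below TLS 1.2, TLS 1.2 suites without forward secrecy, and 64-bit block ciphers of the kind SWEET32 targets; the function names and both sample contexts are assumptions made for illustration.

```python
import ssl
import warnings


def audit_context(ctx):
    """Return findings for an ssl.SSLContext; an empty list means it passed."""
    findings = []
    floor = ctx.minimum_version
    if floor < ssl.TLSVersion.TLSv1_2:  # MINIMUM_SUPPORTED also compares lower
        findings.append(f"minimum version {floor.name} is below TLS 1.2")
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            continue  # skipped: the text treats TLS 1.3 suites as safe by default
        name = suite["name"]
        if "dhe" not in (suite["kea"] or ""):  # kx-ecdhe / kx-dhe are ephemeral
            findings.append(f"{name}: no forward secrecy ({suite['kea']})")
        if "des" in (suite["symmetric"] or ""):  # DES/3DES use 64-bit blocks
            findings.append(f"{name}: 64-bit block cipher (SWEET32)")
    return findings


def hardened_server_context():
    """Constructed sample: TLS 1.2 floor, ECDHE key exchange with AEAD only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # affects TLS 1.2 and below
    return ctx


def legacy_server_context():
    """Constructed sample: a permissive setup with an old floor and all suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers("ALL")
    return ctx


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_server_context()),
                       ("legacy", legacy_server_context())):
        results = audit_context(ctx)
        print(f"{label}: {len(results)} finding(s)")
        for line in results[:5]:
            print("  ", line)
```

The audit reads only the cipher metadata OpenSSL exposes, so it cannot see Diffie-Hellman group sizes; LogJam exposure from weak DHE parameters has to be checked separately.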