
TLS 1.0 is definitely broken; TLS 1.1 introduced explicit per-record IVs for CBC mode.


How is TLS 1.0 broken? All I could find is BEAST, but that seems to be mitigated by client patches.

Interestingly, Wikipedia says that TLS 1.1 and 1.2 only have about 25% adoption on servers, which is shocking if in fact TLS 1.0 is truly broken.


TLS 1.0 uses chained IVs, which is a protocol flaw. It also has an explicit protocol alert for decryption failures, which makes error oracle attacks simpler. TLS 1.0 is broken. It isn't catastrophically broken so far as we know now, but nobody should be deliberately preferring it.
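The chained-IV flaw the replies describe, as an added simulation that is not from this thread: CBC records with a keyed-hash stand-in for the block cipher (an assumption; only ciphertext equality is ever compared), showing that a TLS 1.0-style sender, whose next IV is the previous record's last ciphertext block, lets an observer who can get one chosen record encrypted next confirm a guess of an earlier plaintext block, while the TLS 1.1-style explicit random per-record IV gives the same observer nothing.

```python
import hashlib
import os
BLOCK = 16

def block_encrypt(key, block):
    # Stand-in for one AES block encryption (assumption; the demo only compares blocks)
    return hashlib.sha256(key + block).digest()[:BLOCK]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def cbc_encrypt(key, iv, pt):                 # pt is assumed block-aligned
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(prev, pt[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

class Tls10Sender:
    """TLS 1.0 CBC: record n+1 uses the last ciphertext block of record n as IV."""
    def __init__(self, key):
        self.key, self.next_iv = key, os.urandom(BLOCK)
    def send(self, pt):
        ct = cbc_encrypt(self.key, self.next_iv, pt)
        self.next_iv = ct[-BLOCK:]            # already on the wire before it is used
        return ct

class Tls11Sender:
    """TLS 1.1 CBC: fresh random IV per record, sent explicitly in front of it."""
    def __init__(self, key): self.key = key
    def send(self, pt):
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, pt)

def confirms_guess_tls10(sender, iv_used, secret_ct, guess):
    """Observer saw secret_ct (IV iv_used = previous record's tail) and gets one
    chosen record encrypted next: was the first secret block equal to guess?"""
    chosen = xor(xor(guess, iv_used), secret_ct[-BLOCK:])   # cancels the known next IV
    return sender.send(chosen)[:BLOCK] == secret_ct[:BLOCK]
def confirms_guess_tls11(sender, secret_rec, guess):
    """Same attempt against explicit IVs: the next IV is unknown, nothing cancels."""
    probe = sender.send(xor(guess, secret_rec[:BLOCK]))
    return probe[BLOCK:2 * BLOCK] == secret_rec[BLOCK:2 * BLOCK]

def demo():
    key, secret, wrong = os.urandom(BLOCK), b"Cookie=SESSION_1", b"Cookie=SESSION_2"
    s10 = Tls10Sender(key)
    iv_used, ct = s10.next_iv, s10.send(secret)
    right10 = confirms_guess_tls10(s10, iv_used, ct, secret)
    iv_used, ct = s10.next_iv, s10.send(secret)
    wrong10 = confirms_guess_tls10(s10, iv_used, ct, wrong)
    s11 = Tls11Sender(key)
    right11 = confirms_guess_tls11(s11, s11.send(secret), secret)
    return {"tls10_right": right10, "tls10_wrong": wrong10, "tls11_right": right11}
```

`demo()` returns True only for the correct guess against the chained-IV sender; the explicit-IV sender makes the same probe uninformative, which is the change TLS 1.1 made.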



