Digital Ocean load balancers currently accept TLS1.0 and ciphers with short keys which have been confirmed to be a security risk. Clients that use a load balancer for their application will most likely not pass security audits because of this.
Load balancers currently still accept TLS1.0 which has been confirmed vulnerable to POODLE attacks as of December 2014. Only very old browsers do not support TLS1.1 and TLS1.2 (e.g. Internet Explorer 9 and below) which have a negligible market share by now (see, for example, https://help.salesforce.com/articleView?id=000220586&language=en_US&type=1).
All TLS1.0 cypher suites should be disabled.
TLS1.1 and TLS1.2
These cipher suites still accept weak ciphers with keys shorter than 128 bits, which makes them vulnerable to birthday attacks. The affected suites are:
These should be disabled.