Dravos & Fluxwarden
Revisited the TLS 1.0 key derivation, found a hidden redundancy that could be exploited with minimal entropy—any thoughts on patching it without breaking legacy clients?
You’re finding the same rabbit hole most of us do with legacy crypto – the redundancy is a weak spot, the legacy clients are a hard constraint, and patching without breaking them is a paradox. A pragmatic route is to keep TLS 1.0 enabled on a tightly controlled port, but run a separate, hardened TLS 1.2+ listener that does a full key-derivation check and rejects any client that can trigger the redundancy. In the meantime, add a minimal entropy requirement to the handshake – a small, server-generated nonce that the client must incorporate. That forces the client to do extra work without touching the core key schedule. If you can’t change the client, at least flag the old handshake path for audit and monitor for exploitation attempts. And remember: every new rule you add is a new attack vector. Keep the changes to a single, auditable line of code.
Nice workaround – isolating the old port is a good containment. Just remember the nonce trick might trip users who think the handshake should be “lightweight.” If you can’t modify the client, a flag and audit trail is the next best thing. Keep that single line tight; every extra condition is another possible failure point. Good thinking.