TLS 1.0 uses chained IVs, which is a protocol flaw. It also has an explicit protocol alert for decryption failures, which makes error oracle attacks simpler. TLS 1.0 is broken. It isn't catastrophically broken so far as we know now, but nobody should be deliberately preferring it.
Thats rather unfortunate. I think you can use Homebrew to pull in newer stuff, though, but I haven't tried (I don't host stuff on my MBP, I use my Linux workstation for that).
I'm sure you could, but bear in mind that several OS X Server services are built on top of the system Apache and its configuration file structure, so you probably don't want to replace it with a package manager-built version if you rely on any of these services.
On the other hand, it wouldn't be too hard to build and install a version of the SSL module compatible with the system Apache linked against a newer OpenSSL version, however, and I wouldn't expect this to break Apple's services, at least not until you install an update that either breaks binary module compatability or clobbers your tweaked module configuration.
I don't use Homebrew, so I couldn't tell you if it's capable of building modules for the system Apache, but building the SSL module "by hand" for system Apache with Homebrew OpenSSL should be straightforward enough.
Server software as an add on downloadable from the App Store on the Mac, not a physical server like XServe. They recommend a Mac Mini with two hard disks installed as a SOHO server but obviously aren't catering for large neworks - no hot-swappable drives or fancy RAID for example (unless you use an external Thunderbolt caddy). They're leaving that market to Windows AD and Linux (mostly Windows AD I suspect).
Oddly, the server software on the Mac gets less and less features each release since Snow Leopard apparently. I think Ars Technica has a review of the server software, and is pretty in-depth.
I'm surprised to find that Apple's OSX Server (Mavericks) ships without TLS 1.1 or 1.2 support.
Are these not widely deployed? Or no sense of urgency since 1.0 isn't broken.