I have a site that supports the following:
TLS1.0, TLS 1.1, TLS 1.2
(cipher naming above is in NGINX format, which I think is actually OpenSSL format)
The SSL Labs SSL Server Test appears to indicate it won't work with IE6 on XP, however, I am using the Browserstack test tool which lets me launch an IE6 instance on XP and it appears to load the site just fine with SSL. I get the lock icon in the bottom right corner and can click on it to look at the certificate itself.
I suspect the test tool assumes it won't work due to my cert being a SHA256 signed cert (vs. SHA-1) although it does appear to work.
My guess is that super old XP (like before SP3) won't support SHA256, but clearly more modern XP updates do allow it.
I can not see what version of the OS Browserstack is leveraging (since it does not give me access to the Start menu), but I can see that IE version (in Help -> About) is:
Update Versions:; SP2;
I figured I would throw this out there since the fact that this tool says IE6 on XP does not work is perhaps somewhat of a misnomer.
Incidentally, the above Cipher list is exactly what Amazon.com supports and seems to be quite well thought out. It provides quite good security (checks nearly every box) but yet still has very good backward compatibility.