Version 9.01 Build 161 is now showing up as an upgrade on my appliance as a GD release. Will be upgrading shortly and hoping it has fixed the bugs that were still in 9.01 Build 135.
If you don't see it on your appliance you can probably contact TAC and have them enable you for the new version.
I just found this and it's been in limited release since September 29th so maybe soon.
What’s New in Cisco AsyncOS 9.0
TLS/SSL Configuration For enhanced security, you can now enable and disable SSL v3 and various versions of TLS for several services. Disabling SSL v3 for all services is recommended for best security. You also can enable a protocol fallback option. Note Cisco’s Update servers do not support SSL v3, therefore TLS 1.0 or above must be enabled for the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is so configured—you must determine which versions of SSL/TLS are supported on that server.
AsyncOS version 9.0 is available in FCS release now and can be manually provision to WSA appliance by request.
This version support TLS 1.1 and 1.2 now.
To get this version, need to open TAC case and request to manually provision this version to your WSA serial number
I was looking for this same answer for a client and found in the release notes for AsyncOS 9.6 that TLS 1.2 is supported as of that version.