What you are talking about are the notes regarding SSL/TLS on several requirements, such as 2.2.3 in PCI DSS v3.1:
> Note: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place.
This ties into the risk assessment process in 12.2:
> 12.2 Implement a risk-assessment process that:
>
> - Is performed at least annually and upon significant changes to the environment (for example, acquisition, merger, relocation, etc.),
> - Identifies critical assets, threats, and vulnerabilities, and
> - Results in a formal, documented analysis of risk.
See this guidance for what early TLS and SSL mean. In a nutshell, you want all SSL/TLS communications to be on TLS 1.1 and above.
I don't know what you're referring to with "lowering your score"; however, your mitigation plan must have something in place to say how you are getting rid of TLS 1.0 and earlier before July 2016. After this date you must not be using TLS 1.0 and earlier at all; therefore, any audits that take place after this date will fail if you are. You are correct: there is no immediate requirement to have these protocols disabled - just so long as the plan is there.
Disclaimer: I'm not a QSA, nor your QSA