"The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks."
P.S. However, simply blaming network appliance vendors would be disingenuous.
Why TLS 1.3 isn't in browsers yet - link