Internet Explorer makes use of the SChannel implementation on the underlying OS. "Support" for Windows XP from Microsoft ended in April 2014, but this doesn't tell the whole story. What actually ended in April 2014 was Extended Support - the provision of security updates, and no more. The last major update to Windows XP was Service Pack 3, released in April 2008, and the last time any feature was added to Windows XP was April 2009 - over seven years ago. Much has changed on the Internet in that time, and Windows XP has finally lost an important battle with the release of the SWEET32 attack on Triple-DES encryption.
Windows XP's SChannel implementation supports a number of different cipher suites. However, because no new cipher suites or protocols have been added since Windows XP was released in 2001, it's impossible to use the most secure cipher suites or protocol available to users of more modern browsers. TLS 1.2 fixes many security flaws which exist in TLS 1.0, which in turn fixes a very serious flaw in SSL 3.0. By default, Internet Explorer on Windows XP is installed with SSL 2.0 (a long since abandoned protocol) and SSL 3.0 enabled, and TLS 1.0 disabled. Most web sites turned off SSL 3.0 after the POODLE attack rendered it obsolete and insecure. As a result, most Windows XP users have switched on TLS 1.0 for Internet Explorer.
This has meant that they have been able to continue to browse the web using HTTPS for many years. TLS 1.0 is the oldest protocol available which is still thought to be secure when implemented correctly, and is the newest protocol available on Windows XP. However, this is only half the story - when an HTTPS connection is established, the protocol is used to initiate the connection, and then the cipher suite does the job of encrypting the information so that it can't be eavesdropped on or modified in transit. This is where SWEET32 has broken Internet Explorer on Windows XP.
The available cipher suites on Windows XP are: