SSL/TLS encrypts your traffic between you and a server but by itself doesn't prevent your ISP from snooping some information about your encrypted connection. If you aren't using Secure DNS & DNSSEC, they may be able to see and intercept your DNS queries. If you don't use TLS 1.3, they can see the SSL certificate of the website you are connecting to. If you don't encrypt your Server Name Indication (SNI), they can see the hostname of the server you are connecting to.
This all allows your ISP to figure out which websites you are connecting to and this can be used to prevent you from accessing certain websites, sell your browsing history to an advertising agency, etc.
This all allows your ISP to figure out which websites you are connecting to and this can be used to prevent you from accessing certain websites, sell your browsing history to an advertising agency, etc.
You can read more about it here: https://www.cloudflare.com/ssl/encrypted-sni/
P.S. I don't work for Cloudflare.