The principle, the theory is always good. The protocols are implementations, and often implementations are badly done. See with all versions of SSL/TLS prior to TLS 1.3
There is no inherent reason that this is true, other than the fact that in order for primitives to be widely use they go through a open vetting process.
Encryption primitives rarely fail. The protocols build on top of them seem to consistently fail.