If anyone is making *new* client software that's http-only, it's their fault when it breaks.
-
-
Removing support for old TLS versions and cipher seems like a good thing to me. But that only happens on the client then?
-
Unless server is using TLS to authenticate the identity of the client (client certs), server has no reason to disallow old versions/ciphers.
-
If you are using TLS to authenticate identity (as a client does of the server), downgrade attacks are a threat to that.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.