Looks like another #HTTPSEverywhere shit coming, this time for mail
@thomas because TLS/SSL is a complex suite of protocols. Even yesterday @work I had a problem with two endpoints (very new software and a slightly oldish device) that could not communicate because they could not agree on TLS ciphers.
I am all for the use of strong encryption but making it mandatory breaks interoperability. I want to have a fallback option, which is not possible today with HSTS and sites redirecting HTTP to HTTPS.
Even an old Android phone from maybe 4 years ago may not work anymore.
@saper Yes, it sounds like there is no backward compatibility set up, i.e. x will not communicate with a client that supports only TLS v1.0 and/or TLS v1.1.
I think it's fair if they want to drop it due to obsolete platforms; i.e. Android 4.0-4.3, IE on Vista etc. would also have problems.
@superruserr TLS v1.2 has a method to fall back to TLS v1.0, v1.1 if the other guy does not support it.
The problem is the list of ciphers that is offered in Client/ServerHello messages.
@saper Yes, that would be the ciphers that are the problem.
Then of course there are protocol downgrade attacks so one way or another we can’t have nice things. 😨
@saper You don't like it? Why?