* michael.holstein@csuohio.edu (Michael O Holstein) [Fri 17 Jul 2015, 21:14 CEST]:
making 99% of the web secure is better than keeping an old 1% working A fine idea, unless for $reason your application is among the 1% .. nevermind the arrogance of the "I'm sorry Dave" sort of attitude.
Why do you upgrade your management systems asynchronously to your applications? You bring this on yourself.
As an example .. we have a vendor who, in the current release (last 3 months) still requires "weak" ciphers in authentication responses. That was mostly okay until another vendor (with more sense) wanted to auth the same way but only permitted strong ciphers.
Why do you access mission-critical systems that are provably insecure from systems that also have internet access? If it's not mission-critical, then you should explain why you haven't dumped that vendor yet for shipping insecure software - an insecurity that is very easy to mitigate by them, should they have chosen to. -- Niels.