Comment Re: Figures (Score 1) 368
If you leave insecure connections open for XP clients, you are leaving insecure connections open for anyone as it's likely trivial for the client to say "Yeah, i'm using XP honest, gimme the insecure shit so I can hack away"
Even if you do find a way to leave the insecure protocols in place, it won't do much help as when TLS certificates expire from now onwards, you need to replace them with SHA-2 certificates (The main certificate vendors will no longer create SHA-1 certs for you going forwards). Good luck using an SHA-2 certificate with the XP SP2 SSL libraries
Hopefully all the XPs out there are on SP3 and this won't be an issue, but who knows. We are finding plenty of clients still using SP2 and we are just having to cut them off.
This stuff needs to be turned off, sucks to be an XP user. (I loved XP too, but all good things must come to an end).