For all practical purposes, https is dead. There is no way browsers will carry around the hundreds of thousands of possibly-stolen-so-unsafe certificates fingerprints (to consider these tainted/revoked). The only way forward is probably to move away to an incompatible protocol. And if possible, cure some of the X509 wrong ways.

# wtf? with the binary blob:
here$ cat /etc/X11/xorg.conf
Section "Device"
        Identifier "nVidia Corporation GeForce 8600 GTS rev 161"
        Driver "nvidia"
        BusID "PCI:1:0:0"
                Option "RandRRotation" "on"
EndSection
here$ xrandr -o 1
(turns his head to the right)