Closed
Bug 1412658
Opened 7 years ago
Closed 7 years ago
Introduce a separate "TLS works but it's horrible" state for bad sites
Categories
(Firefox :: Site Identity, defect)
RESOLVED
DUPLICATE
of bug 942136
People
(Reporter: u580221, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Build ID: 20171028100423
Steps to reproduce:
When discussing the removal of 3DES, examples like this site were brought up as a compatibility reason why it couldn't be disabled:
https://www.ssllabs.com/ssltest/analyze.html?d=client00.chat.mibbit.com&latest (in case this changes later: currently it shows rating "F" due to the abysmal server configuration)
While I understand people still need to use such sites, I don't understand AT ALL why this needs to be rewarded with the green padlock to allow people to do that. The very minimum for such super broken sites should be that, while they might still be allowed to work, there is a super clear indication that communicating with them is nevertheless most likely NOT notably safe.
Therefore, I suggest you sit down and make a list of the ciphers that are actually regarded as safe by industry standards, then for the others show a broken padlock like HTTP or something else that indicates that while connecting is possible, it is not safe. The proper operation of a useful security indicator (green padlock) shouldn't be thrown out of the window entirely just because some folks can't keep their server configurations up-to-date.
Comment 1•7 years ago
This is bug 942136 but the other way around, so I think I can safely dupe :)
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE