by jeroenhd 2805 days ago
I agree with you in the case of old encryption methods (plain DES, RC4, NULL cipher) but not all protocol problems are because of the lack of a recent encryption algorithm.

There's heaps of old modems that use a weak DH key and will never see a firmware update. You're left with either accessing the device insecurely over HTTP, hoping your ISP will send you a new one (good luck with that) or paying for your own modem which will probably never be allowed on the ISP's network.

Weak DH keys should not be that hard to keep in the code base yet still most browsers will present an impassable TLS error screen.

1 comments

Those modems should no longer be being used, period. If someone cannot afford a replacement and has an incompetent ISP incapable of providing them with a subsidized replacement, then that is a separate problem that needs addressing as soon as possible.

Perpetuating it won't do, and if in doing so we're perpetuating a larger impending security issue, then we need to resolve it stat, not defer everything because there is heaps of old hardware lying around.

That may be easy to say and harder to resolve, but there comes a time when problems need to be resolved. Maybe that won't be 2020, if the desired timeline proves unrealistic, but two years is plenty of time to move on it. It generally takes far longer to deprecate and remove protocols from the web than it does to get a replacement modem.