It is a solution for some sites. But what if a user with an old browser visits HTTPS? Showing a security error isn’t a solution.

If Android 2 + HTTPS compatibility is really needed (but I am against it), how about supporting DHE just for making it possible to redirect users back to HTTP? This would limit the power consumption caused by 4096-bit DH, which is required for a 100% key exchange rating.

Or just support TLS_RSA_WITH_AES_128_CBC_SHA. Though this would downgrade Forward Secrecy from green “With most browsers ROBUST” to simple “With modern browsers”, it wouldn’t affect the grade and rating scores.

To be clear - Android 2+ isn’t important, and IE on XP.