No, it’s actually a lot smaller than that because that percentage excludes DNS-01 validation. As well, that’s the current set that negotiated an RSA cipher - at least in my testing many of those servers will negotiate something else if the deprecated ciphers aren’t present, so an even smaller fraction of that will actually break.
5 Likes