It looks like the update has quietly appeared on the APC web site here. It is dated May 15th and if you look at the filename of the download, it is "apc_hw02_aos390_rpdu374.exe". AOS 3.9.0 is definitely new - the build string is "05/11/2015 14:45:05".

This new AOS version appears to only exist for the RPDU application at this time. Both the G2ATS and SUMX/SY downloads still show the older 3.7.x AOS versions. APC said they were working on the ATS version. Perhaps there will also be a new version for SUMX/SY, as the APC site still shows the AP9618 as a current product.

This works as expected in Internet Explorer 11 (the SSL version of the page displays with no warnings).

In Firefox 38.0.5, you will get a "ssl_error_no_cypher_overlap" with the default Firefox security settings. I was able to work around this by going to "about:config" and changing the "security.tls.version.fallback-limit" from 3 to 1 as described here. Note that if you are security-conscious, you won't take the word of some random person from the Internet (me) and will research this yourself (or check with your corporate IT people). There will be a gray warning triangle to the left of the URL which tells you "encryption is not strong enough" if you click on it.

In Google Chrome 43.0.2357.81 I get a red strikethrough slash in the https: part of the URL, but the page displays properly. If I click on the lock icon, I get two warnings, one for "encrypted with obsolete cryptography" and one for "no public audit records" (the second is due to my use of a private CA and you probably will not see it).

In any event, this update does seem to restore SSL operability with the above browsers. It should be secure enough for local / intranet use (you probably don't want these devices accessible via the whole Internet anyway) and is definitely better than unencrypted pages.