This is one of our two last remaining non-forward-secret ciphers, which we'd like to eliminate as soon as reasonably possible. It's also the subject of the SWEET32 birthday attack due to being a 64-bit (block size) cipher, which we've mostly-mitigated in other ways for now (shortened session key lifetimes).

The only statistically-significant browser which relies on this cipher to communicate with us is IE8-on-XP, which is long-unsupported (over 2 years now) and horribly insecure, so any motivation we can give users to get off of this browser is a net win for everyone involved.

Currently this cipher amounts to ~0.17% of all requests to our sites (and has been slowly declining for some time), and we've been running a very limited campaign for a while now which redirects a very small percentage of those requests (filtered down to just /wiki/ pageviews on the desktop sites, and only 1% odds) to the information at https://wikitech.wikimedia.org/wiki/HTTPS:_Browser_Recommendations . Because of technical limitations, we can't scale up that redirect much without having a better mechanism in place. IE8-on-XP is too old for CentralNotice JS to function correctly, so CN isn't really an option for campaigning here.

Users which cannot move off of the underlying Windows XP operating system can install the latest Firefox easily and use that to connect to us with much more secure cipher choices, so there is a fairly painless path forward for these users.

The plan of action here is this: