You wrote an article which does a great job of explaining a number of things. My only question (comments appear to be closed so I could not post there) is the SNI – do you find that there are many people using browsers that are old enough that the SNI creates a problem? I have looked over the list of incompatibles and it does not seem to be that much of a risk, but I thought you might have more concrete information since you’ve been using the setup.
This relates to how I set up my SSL certificates, which is to use Server Name Indications and have multiple certs on one server with one IP. And the question is “Do we care about the old browsers?”
Let me quote my coworker.
IE8 is EOL, XP is EOL. We can’t support things forever.
XP makes up most of the sites that have issue with SNI so I’ve only found 0.006% of my visitors impacted.
Yes, I did that math properly. I checked it a couple times.
No. I’m not worried about SNI and I don’t care. We can’t support old things forever.