I ordered something online yesterday, and checked the cipher settings. Turns out my bank doesn't have PFS, and a well-known French payment provider (Paybox) even uses the insecure RC4 cipher.
If the browsers let users who click on the padlock know that it's insecure, the providers would have an incentive to upgrade.
If the browsers let users who click on the padlock know that it's insecure, the providers would have an incentive to upgrade.
For Firefox, people have reported bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=956744
https://bugzilla.mozilla.org/show_bug.cgi?id=947149
but they don't seem to be getting much attention. Hopefully Heartbleed will help speed things up.