Random comment.... I frequently have to access online sites with obsolete protocol support (ie. someone, usually a Big Government Agency, on something ancient and obsolete but absolutely necessary). We'll even end up having to curl stuff and force ignoring of invalid, self-signed, or massively out of date certificates.... Not sure how much impact here it is (obviously, not secure), but we even are putting using FTP (gasp) from some places where there is no other option. Anyway, random comment about deprecating stuff. I know it's a pain to support old stuff, but.... (no use cases for curl I specifically know of right now, since we haven't audited the SSL versions of the data sources we have).

...waiting for someone to show up who pays for OpenSSL 1.x extended support.