Remember 5 years or so, SSL was described as horryfying mess and killed with great fanfare, causing all sorts of breakages in websites, at the expense of website owners not other parties. Websites owners were being told that this had to be done because "SSL was excruciably bad", no matter what this meant in practice.

Yes, its successor, namely TLS, is apparently as much shit as SSL.

Read, with great attention,

extrait : "(...) Such attacks are possible because of the failure of TLS to protect the integrity of the TCP connection itself rather than the integrity of just the server speaking HTTP, SMTP, or another Internet language. Man-in-the-middle attackers can exploit this weakness to redirect TLS traffic from the intended server and protocol to another, substitute endpoint and protocol. (...)"

Be ready for more breaks at the expense of website owners. At this point perhaps any auto-entrepreneur trying hard to get his website up and running and running into obstacles every year, should question whether this is worth it after all. The upending question is whether running any IT business is worth at all if your basis is going to break anytime for any reason, when you need stability for your business to exist in the first place.