Dwedit 4 hours ago

There is one hard wall that stops very old clients from connecting: Not supporting a new enough version of TLS. TLS 1.2 is from 2008, and TLS 1.3 is from 2018. Web browsers older than 2008 can't connect to modern websites since TLS 1.0 and 1.1 were deprecated from web servers in 2021.

Telaneo 2 hours ago | parent [-]

I still think it's worth it to provide connections over plain HTTP for this reason. It probably doesn't apply to many people, and you shouldn't allow anything really important to happen over plain HTTP (logins, payment), but normal viewing should still be possible.

Sadly, the internet as a whole seems to disagree. Even the most useful resource on the web one could use over plain HTTP, Wikipedia, only allows connections over HTTPS. I guess it kind of made sense as part of the campaign to push the internet as a whole over to HTTPS, but anyone who's connecting to any website over normal HTTP these days is doing so because they literally can't use HTTPS.

zzo38computer 18 minutes ago | parent | next [-]

I agree; you should allow non-TLS connections as well as TLS. (At least, access that does not require authentication should not require TLS, but should still allow it if that is what the client wants.)

If you are concerned about accidental login or API keys without TLS, then you can consider supporting mutual TLS, which improves security (and flexibility) in other ways as well. (You do not necessarily have to require mutual TLS, in case someone prefers to use a username/password login, or 2FA or something else like that instead.) (In the case of login forms, you can have the links to the login forms always use HTTPS, in order to avoid the problem.)

alok-g 2 hours ago | parent | prev [-]

Having HTTPS as mandatory is more mistake-proof.