Weak authentication algorithm may be choosen by browser even if stronger one is supported by server.
vulners.com/securityvulns/securityvulns:doc:9233
vulners.com/securityvulns/securityvulns:doc:9717