Is it safe for an end user to browse a Web site that only supports TLSv1 (or other unsecured encryptions or protocols), in the following cases:
- it is a publicly accessible website without sensitive or private data
- it does not require connection, login, or other user data.
So, for all intents and purposes, let's assume that the website is meant to be a
http: // site, but has an SSL certificate that is obsolete by modern security standards.
And by safe, I mean that they're not open to a type of exploit, other than MITM of course. By exploit here, I mean that there is no way to use a bad SSL certificate to install malware on their computer, right?