Similar to the /sec-warning page used to warn our users regarding 3DES deprecation (T147199) we need to issue a similar one regarding AES128-SHA deprecation.
Sadly this time it's harder to link the affected users to an specific browser version. As seen by the data captured on T193376, the single device with biggest affectation is the Sony PlayStation 3 followed by a long tail of smartphones using ancient TLS implementations. We also have to consider the number of users with up-to-date browsers inadvertently using AES128-SHA because their IT administrators deployed some kind of Deep Packet Inspection layer on their networks.
We need to provide a easily translatable message to inform our users, something like:
Wikipedia is tightening its security measures, please update your device or contact your IT administrator
or we could be a little bit more specific on this message (but it's going to be harder to translate):
Wikipedia is dropping non forward secrecy cipher suites, please update your device or contact your IT administrator