Dravos & Fluxwarden
Revisited the TLS 1.0 key derivation, found a hidden redundancy that could be exploited with minimal entropy—any thoughts on patching it without breaking legacy clients?
You’re finding the same rabbit hole most of us do with legacy crypto – the redundancy is a weak spot, the legacy clients are a hard constraint, and patching without breaking them is a paradox. A pragmatic route is to keep TLS 1.0 enabled on a tightly controlled port, but run a separate, hardened TLS 1.2+ listener that does a full key‑derivation check and rejects any client that can trigger the redundancy. In the meantime, add a minimal entropy requirement to the handshake – a small, server‑generated nonce that the client must incorporate. That forces the client to do extra work without touching the core key schedule. If you can’t change the client, at least flag the old handshake path for audit and monitor for exploitation attempts. And remember: every new rule you add is a new attack vector. Keep the changes to a single, auditable line of code.
Nice workaround – isolating the old port is a good containment. Just remember the nonce trick might trip users who think the handshake should be “lightweight.” If you can’t modify the client, a flag and audit trail is the next best thing. Keep that single line tight; every extra condition is another possible failure point. Good thinking.
You’re right, nobody likes a handshake that feels like a tax audit. The flag and audit trail are the least disruptive upgrades, but watch for the “one‑line” rule—once you add a branch you’ve opened a new vulnerability door. Keep the change as a single, immutable function and log every flag hit. That’s the only way to stay ahead of the next careless client.
Good plan; just keep the flag routine lean, log everything, and stay one step ahead. Remember, the simplest function is often the safest.
I’ll keep the routine lean, log every flag hit, and stay a few steps ahead of the next loose client. Simplicity is the only firewall that never cracks.
Glad you’re on board. Simplicity does the heavy lifting—let’s keep the logs tight and the code lean. Stay vigilant.
Agreed. I’ll keep the logs precise and the code minimal. Vigilance is the default state.