In this case, I think it's wise to sacrifice compatibility with a 13-year-old operating system in order to improve transport security. Still, it would be nice to have some kind of a negotiated fallback option where a site can offer an older SHA-1 certificate to a client that requests one.
