Reply to post: TLS compatibilities

Does UK high street banks' crappy crypto actually matter?

Gary Gapinski

TLS compatibilities

SSL Labs has a nice comparison of user agent (TLS client) capabilities at https://www.ssllabs.com/ssltest/clients.html.

Note that all recently revised user agents can handle TLS 1.2 (obviating the need for older TLS protocols when observation of a web site's clientele demonstrates the UAs are indeed all compatible).

If one looks at individual UAs in that same comparison, it shows that recent ones can negotiate the stronger (i.e., AEAD+EDH) cipher suites. Those which cannot are likely quite old and equally likely lack the ability to negotiate TLS 1.2, and can be accommodated (if actually present in the clientele) by a configuration that offers the older, weaker, TLS protocols and cipher suites. The newer UAs will negotiate the stronger combinations.¹

As for HSTS, its use should be promoted, as it forces the web site operator to ensure that information is always delivered over TLS, and modern browser support is broad (https://caniuse.com/#search=hsts).

¹ See, e.g., https://www.ssllabs.com/ssltest/viewClient.html?name=Apple%20ATS&version=9&platform=iOS%209&key=112 for a particularly aggressive stance.
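To make the comment's negotiation point concrete: with server-preferred ordering, a modern UA ends up on an AEAD+EDH suite while a legacy UA still gets a (weaker) legacy suite, and a site's HSTS header can be checked for a usable max-age. This is an added example, not code from the post or The Register; the suite lists and header value are constructed, and the classification rules are a simplification based on OpenSSL-style suite names.

```python
"""Added example: simulate server-preferred cipher suite negotiation,
classify the outcome (AEAD+EDH vs legacy), and parse an HSTS header."""
import re

# Constructed server preference list (OpenSSL-style names), strongest first.
SERVER_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",   # AEAD + ephemeral ECDH
    "ECDHE-RSA-CHACHA20-POLY1305",   # AEAD + ephemeral ECDH
    "DHE-RSA-AES256-GCM-SHA384",     # AEAD + ephemeral DH
    "ECDHE-RSA-AES128-SHA",          # ephemeral ECDH, but CBC (not AEAD)
    "AES128-SHA",                    # static RSA key exchange, CBC: legacy
]

# Constructed client capability sets (illustrative, not real UA data).
MODERN_CLIENT = ["ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
LEGACY_CLIENT = ["AES128-SHA", "DES-CBC3-SHA"]


def classify(suite):
    """Classify a suite by key exchange (EDH) and record protection (AEAD)."""
    edh = suite.startswith(("ECDHE-", "DHE-"))
    aead = "-GCM-" in suite or "CHACHA20-POLY1305" in suite or "-CCM" in suite
    if edh and aead:
        return "strong"
    if edh or aead:
        return "mixed"
    return "legacy"


def negotiate(server_suites, client_suites):
    """Server-preferred selection: first server suite the client also offers."""
    offered = set(client_suites)
    for suite in server_suites:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails


def hsts_max_age(header_value):
    """Return max-age from a Strict-Transport-Security value, or None if absent."""
    m = re.search(r'(?i)(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', header_value)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for name, client in (("modern", MODERN_CLIENT), ("legacy", LEGACY_CLIENT)):
        chosen = negotiate(SERVER_SUITES, client)
        print(name, chosen, classify(chosen) if chosen else "handshake fails")
    print("HSTS max-age:", hsts_max_age("max-age=31536000; includeSubDomains"))
```

Note that the modern client listed ChaCha20 first but still gets AES-GCM, because the server's preference order decides.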
