Re: @HildyJ - "We decided on a global fallback"
It looks you never worked on network and system devices - it's a while most of them are browser based for management and monitoring (plus - but not always - a CLI, but some tasks are simpler via the UI) - and many of them won't see upgrades to their firmware to support newer TLS standards.
Most of them are not internet facing, and many may even be on separate management VLANs.
There could also be a lot of SOHO gear which may not longer be accessible. Many "smart managed" switches may have a web interface but not a CLI.
One solution would be to revert to plain HTTP when possible. Is that what Mozilla wants?