
They have to, because many sites don't support any PFS ciphersuites. For instance, banks.

https://www.ssllabs.com/ssltest/analyze.html?d=www.bankofame...

https://www.ssllabs.com/ssltest/analyze.html?d=chaseonline.c...

https://www.ssllabs.com/ssltest/analyze.html?d=online.citiba...

https://www.ssllabs.com/ssltest/analyze.html?d=us.hsbc.com&s...

https://www.ssllabs.com/ssltest/analyze.html?d=online.wellsf...

Ideally, Microsoft, Google, Apple, and Firefox would gang up and all disable ciphersuites lacking DHE/ECDHE in their current browsers. Short of that, one browser disabling them would be viewed as "broken" and would lose marketshare.




Well, the browsers could disable non-PFS ciphers by default. When a site doesn't match any PFS cipher list, show a pop-up with a way to add an exception for the site.

Much more graceful than a complete switch-over and doesn't require co-ordination from other vendors.
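The two comments above describe, first, a check (does a server accept any forward-secret ciphersuite at all?) and, second, a client policy (PFS-only by default, non-PFS only behind a per-site exception). The script below is an added example that implements both with Python's standard `ssl` module; it is not code from the thread, from SSL Labs or from any browser vendor. Offering a server only the `PFS_CIPHERS` list via `open_tls` is the same test the SSL Labs links report on. The cipher-list strings are my choice of OpenSSL syntax, and the hostnames, the exception set and the `FAKE_SERVERS` table are constructed so the policy can be exercised offline.

```python
"""Added example (not from the HN thread): a TLS client that applies the
per-site-exception policy proposed above, plus a PFS classifier for the
negotiated suite. Hostnames, exception list and fake servers are constructed."""
import socket
import ssl

# Ephemeral key exchange only; anonymous and null suites excluded (OpenSSL syntax).
PFS_CIPHERS = "ECDHE:DHE:!aNULL:!eNULL:!MD5"
# Roughly what a browser accepts today: also static-RSA key exchange (no forward secrecy).
LEGACY_CIPHERS = "HIGH:!aNULL:!eNULL:!MD5"


def is_forward_secret(cipher_name):
    """Classify a negotiated suite by its key exchange.

    Handles OpenSSL names (what ssl.SSLSocket.cipher() returns), TLS 1.3 names
    and IANA names. Static ECDH ("ECDH-RSA-...") is deliberately *not* PFS.
    """
    if "_WITH_" in cipher_name:                 # IANA style: TLS_ECDHE_RSA_WITH_...
        kx = cipher_name[len("TLS_"):].split("_WITH_")[0].split("_")
        return ("ECDHE" in kx or "DHE" in kx) and "anon" not in kx
    if cipher_name.startswith("TLS_"):          # TLS 1.3: TLS_AES_128_GCM_SHA256
        return True                             # every TLS 1.3 handshake is (EC)DHE
    kx = cipher_name.split("-")[0]              # OpenSSL style: ECDHE-RSA-AES128-GCM-SHA256
    return kx in {"ECDHE", "DHE", "EDH"}        # EDH is the old OpenSSL spelling of DHE


def open_tls(host, port, cipher_list, timeout=10):
    """Real network handshake: returns the negotiated cipher name or raises ssl.SSLError.
    Offering only PFS_CIPHERS here is the 'does this site support any PFS suite' check."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_list)     # restricts TLS <= 1.2; TLS 1.3 suites stay enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()[0]


def pfs_first_connect(host, exceptions, handshake=open_tls, port=443):
    """The proposed browser policy: PFS-only first; non-PFS only for excepted hosts.
    Returns (cipher_name, forward_secret, used_exception) or re-raises the SSLError."""
    try:
        cipher = handshake(host, port, PFS_CIPHERS)
        return cipher, is_forward_secret(cipher), False
    except ssl.SSLError:
        if host not in exceptions:
            raise                    # no exception stored: the browser shows its error page
        cipher = handshake(host, port, LEGACY_CIPHERS)
        return cipher, is_forward_secret(cipher), True


# Constructed stand-ins for servers (hypothetical hostnames): the suite each one
# negotiates for a given offered list, None meaning it sends a handshake_failure alert.
FAKE_SERVERS = {
    "modern.example": {PFS_CIPHERS: "ECDHE-RSA-AES128-GCM-SHA256",
                       LEGACY_CIPHERS: "ECDHE-RSA-AES128-GCM-SHA256"},
    "bank.example": {PFS_CIPHERS: None, LEGACY_CIPHERS: "AES256-SHA"},
    "other.example": {PFS_CIPHERS: None, LEGACY_CIPHERS: "AES128-SHA"},
}


def fake_handshake(host, port, cipher_list):
    """Offline replacement for open_tls driven by FAKE_SERVERS."""
    cipher = FAKE_SERVERS[host][cipher_list]
    if cipher is None:
        raise ssl.SSLError("sslv3 alert handshake failure")
    return cipher


def simulate(exceptions=frozenset({"bank.example"})):
    """Run the policy against the constructed servers; returns host -> outcome tuple."""
    results = {}
    for host in FAKE_SERVERS:
        try:
            cipher, pfs, excepted = pfs_first_connect(host, exceptions, handshake=fake_handshake)
            results[host] = ("ok", cipher, pfs, excepted)
        except ssl.SSLError:
            results[host] = ("blocked", None, None, False)
    return results


if __name__ == "__main__":
    for host, outcome in simulate().items():
        print(host, outcome)
```

In the simulation only the excepted host gets a non-PFS connection, and it is flagged as such so the UI could show a warning rather than a plain padlock; a non-excepted host that refuses every ephemeral suite is simply blocked. Against a real server, swap `fake_handshake` for the default `open_tls`.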



