Suggestion: make settings more secure by default, then those who need legacy support can downgrade as required; i.e., the PW back-end default to the Mozilla Security/Server Side TLS Intermediate compatibility and the PW agents default Mozilla Security/Server Side TLS Modern compatibility ; then those who need legacy support can downgrade security using similar method to guidance above if required. (This can also be made into a selectable item in the agent installer/config if desired; e.g., "HTTPS encryption strength" "standard security" and "legacy support")