This article points to a weakness in a widely used protocol. There are some good remarks in the comments section:
"Someone must have thought, “hang on a mo”, because there is an existing TLS extension as the article says. Trouble was, that someone wasn’t everyone …
Tricky thing to get rid of widely implemented old cruft. With no one being “in charge”, no one can force all the implementers to change all at once. Do it unilaterally and you simply end up with a non-interoperable product (which is a sales disaster!). Seems the only way things quite like this get fixed is when they get seriously broken, like this.
Which makes me wonder, how many other security sensitive protocols are there that are both widely implemented and slightly aged?"