As a rule of thumb, the older a protocol, the more likely it is to be broken in some way -- and the more urgently it needs to be replaced with a successor. Secure Sockets Layer has had a replacement for years, but only now are we getting around to ditching SSL, mainly because disaster struck.
SSL was designed to provide cryptographic protection for application-layer connections like HTTP, but its last public revision was in 1996. A replacement protocol, Transport Layer Security, appeared three years later, and its widely used 1.2 version landed in 2008. But SSL itself remained in use, in large part as a backward-compatibility measure. Consequently, all major browsers have continued to support SSL even though it’s used in only 0.3 percent of the transactions conducted today (according to Mozilla).
Now we have as good an incentive to ditch SSL altogether as there could be: The infamous POODLE attack, for which the best mitigation measure is to get rid of SSL -- period. Mozilla and Google are now doing that, meaning any enterprises that used SSL internally for whatever reason also need to ditch it, stat. Maybe backward compatibility isn’t all it’s cracked up to be.