Anyone have a good list that's been developed for TLS Exclusion?

Thanks for the replies! I have only done a test group so and that seems to work well. I was just thinking of all the possibilities here and trying to gauge how bad this is going to be. Are users constantly asking at the beginning that kind of thing.
I seems using the self signed cert is more beneficial for long term now that "real" certs have to be changed out so frequently. Is that the method most are using?

Based on what Bill is saying we are in the know on the DPI engine having problems? I def cannot knowingly activate this if there are known issues with sites dropping or similar. Honestly it seems like such a huge undertaking that I am not surprised.

Following restrictions announced by Apple about improving security on the web, the international regulation of SSL certificates is changing. The Certificate Authorities (CA) have agreed to reduce the lifetime of an SSL certificate to 12 months maximum. This measure will take effect September 1, 2020.

Thanks for the replies! I have only done a test group so and that seems to work well. I was just thinking of all the possibilities here and trying to gauge how bad this is going to be. Are users constantly asking at the beginning that kind of thing.
I seems using the self signed cert is more beneficial for long term now that "real" certs have to be changed out so frequently. Is that the method most are using?

Based on what Bill is saying we are in the know on the DPI engine having problems? I def cannot knowingly activate this if there are known issues with sites dropping or similar. Honestly it seems like such a huge undertaking that I am not surprised.

Following restrictions announced by Apple about improving security on the web, the international regulation of SSL certificates is changing. The Certificate Authorities (CA) have agreed to reduce the lifetime of an SSL certificate to 12 months maximum. This measure will take effect September 1, 2020.