
> the modern iteration of HTTPS required by DarkSky.

I don't follow. The TLS handshake negotiates the appropriate ciphersuite. With the exception of dropping SHA1 in TLSv1.3, how was the macOS SSL module not able to negotiate a handshake? There should be plenty of suites available. What did Darksky ask for in the TLS handshake???

For example: I'm still running Mojave, and here's what I see from the handshake with the Darksky.net site on :443 ...

    :
    :
    issuer=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Peer signature type: RSA
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 5538 bytes and written 439 bytes
    Verification: OK
    ---
    New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 :
    :
    :

They aren't even using TLS1.3 on the main page.



Keep in mind that Mountain Lion is a lot older than Mojave. If I go to SSL labs and test DarkSky.net, it shows a "protocol mismatch" for Mountain Lion and older, which is exactly what I saw with the widget:

https://www.ssllabs.com/ssltest/analyze.html?d=darksky.net&s... (scroll down to "not simulated clients" and click "expand").

I don't actually understand that much about the internals of https, but my assumption is that there weren't any cipher suites supported by both DarkSky and Mountain Lion.


It's not cipher suites, it's the entire TLS protocol version.

That site requires exactly TLS 1.2 (not newer or older).

So an HTTPS implementation like Mountain Lion that only speaks TLS 1.1 or earlier will begin by saying it can do TLS 1.1 and the server says too bad, go away.

TLS 1.2 was defined in about 2008 but despite that a lot of products shipped without TLS 1.2 implemented for the next several years, because backwards compatibility meant they still worked, and it didn't seem like a priority, while forward compatibility had frequently proved problematic. Why ship something "more secure" that breaks for 1% of your users?

For example Firefox only added TLS 1.2 by default in 2014, after Mountain Lion was shipped (but before it ceased to be supported).
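
The version check described in the comment above, as an added example that is not part of the original thread: a minimal pre-TLS 1.3 server-side version negotiation following RFC 5246, run on a constructed ClientHello. The function names, the sample hello and the version bytes on the alert record are assumptions of this sketch.

```python
import struct

TLS1_0, TLS1_1, TLS1_2 = 0x0301, 0x0302, 0x0303   # wire values of the version field
ALERT_FATAL, PROTOCOL_VERSION = 2, 70             # RFC 5246 section 7.2


def build_client_hello(max_version):
    """Constructed sample: a minimal ClientHello record with no extensions."""
    body = struct.pack("!H", max_version) + bytes(32)   # client_version + random
    body += b"\x00"                                      # empty session_id
    body += struct.pack("!HH", 2, 0xC013)                # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                                  # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", TLS1_0, len(handshake)) + handshake


def parse_client_version(record):
    """Return the highest version the client offers (ClientHello.client_version)."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    (length,) = struct.unpack("!H", record[3:5])
    if length != len(record) - 5:
        raise ValueError("truncated or fragmented record")
    return struct.unpack("!H", record[9:11])[0]


def negotiate(record, server_min, server_max):
    """Server side: return (chosen_version, None) or (None, fatal_alert_record)."""
    offered = parse_client_version(record)
    chosen = min(offered, server_max)        # never go above what the client offered
    if chosen < server_min:
        # Assumption of this sketch: the alert record echoes the client's version.
        alert = struct.pack("!BHH", 0x15, offered, 2) + bytes([ALERT_FATAL, PROTOCOL_VERSION])
        return None, alert
    return chosen, None


if __name__ == "__main__":
    # Server that accepts exactly TLS 1.2, as the comment describes.
    for offer in (TLS1_1, TLS1_2):
        print(hex(offer), negotiate(build_client_hello(offer), TLS1_2, TLS1_2))
```

A client whose highest version is TLS 1.1 gets the fatal `protocol_version` alert before any cipher suite is compared, which is why the failure shows up as a protocol mismatch and not as a missing suite.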


Wow, that's really cool. Googling around it appears that Mountain Lion wasn't upgraded to TLSv1.2 so any website that upgraded to TLSv1.1 broke on pre-Yosemite. I didn't realize this. Very interesting.


> any website that upgraded to TLSv1.1 broke on pre-Yosemite.

Tiny addendum, what I saw was different by one version: DarkSky worked fine in Mavericks, just not Mountain Lion.



