Reply to comment:

Mat
According to ssllabs you are still supporting 3DES on Windows XP with IE8: https://www.ssllabs.com/ssltest/analyze.html?d=stat.ripe.net So has the proposed change actually been rolled out? On another note, why are yourself still using a certificate which is signed with SHA1?