Regarding old software, I'd say the problem is being overblown. You don't need to touch any of them. If the service is HTTPS only and the client is HTTP only, the obvious solutions is to have a proxy in the middle, converting between the two.
For example: "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
The kinds of projects and organizations that will suffer the most from forcing HTTPS are ones like those under government research umbrellas which require vast amounts of paperwork to do something as simple as setup an SSH key so rsync can be used. That pales in comparison to the amount of paperwork required to do something like install a new piece of software or setup a new server. On top of that, such changes are not budgeted for, so you end up with highly educated and trained people, who ought to be doing their research or actually making progress in their work, spending time fixing artificial problems that ought to be handled by dedicated staff. This wastes taxpayer dollars and leads to personnel burnout.
Why? All because some memo-writer in Washington said, "There's no such thing as insensitive web traffic!"
It's easy to make these proclamations when you have no part in fixing the fallout.
For example: "Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code."
https://www.stunnel.org/