Post-Quantum fate of HTTP-only and invalid HTTPS

[temmokan]

There are still many sites/devices either using pure HTTP, or using HTTPS with self-signed (and, usually, expired) SSL certificates.

Before telling me it's time to replace those antiques with something modern:
- HTTP site may be run by someone who doesn't plan to use HTTPS, and/or ignores such inquires
- HTTPS-using device may be impossible to replace (and they aren't always that ancient)

So please tell me whether my assumptions are correct.

1. HTTP-only sites. There's no way to override FF 57 behavior on refusing posting data (at least password fields) over HTTP.

Possible workaround: creating HTTPS front-end that uses HTTPS and passes requests to underlying HTTP site.

2. HTTPS-sites using invalid SSL certificates: there's no way to override FF 57 behavior of refusing opening such sites.

I'd like to understand whether I have to use older FF versions (such as ESR) or different browsers (those allowing forcing browser to use protocol user chooses and/or ignoring SSL-related errors).

Please don't tell me of security risks etc etc etc. I know there are; the reality, however, can force to live with devices that do not comply with security ideals observed by FF developers.

[Brummelchen]

1 firefox dont refuse sending passwords over http - its just a message that sending over http is not secure. too complicated?

2 ofc, just set exclusions if possible.

for more go https://support.mozilla.org/ please.