But older operating systems and browsers, such as Windows XP, may no longer support updates to newer encryption levels, said Erlin. And more encryption requires more processing power, leaving older mobile devices, mostly used in developing countries, too jammed up to handle secure browsing.
That may leave users with phones older than five years with an error message when they try to access sites that don't offer un-encrypted versions — a decision that varies for each individual site, Erlin said.
SHA-2 support in Western Europe and North America is universally more than 99 percent, according to new CloudFlare research. But closer to 5 percent of Internet users in countries like China, Cameroon, Yemen, Sudan, Egypt and Libya user browsers without SHA-2 support.
"When you trade in your cellphone in a country like United States, those cellphones make their way to the developing world," Matthew Prince, co-founder of CloudFlare, told CNBC's "Squawk Alley" on Monday. "And those phones are ending up in the hands of people who now won't be able to access parts of the encrypted Internet."
Worldwide, a population roughly the size of California doesn't have the needed support, CloudFlare estimates.
"Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world," CloudFlare wrote. "In other words, after Dec. 31, most of the encrypted Web will be cut off from the most vulnerable populations of Internet users who need encryption the most. And, unfortunately, if we're going to bring the next 2 billion Internet users online, a lot of them are going to be doing so on secondhand Android phones, so this problem isn't going away anytime soon."
Read MoreOn encryption, big tech isn't budging