0

How do I redirect those browsers that do not support TLS 1.2 to a page that'll explain the situation to them?

JasonGenX
  • According to http://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/ TLS 1.1 is acceptable for those browsers. – ceejayoz Oct 01 '15 at 17:36
  • That's not my question. My question is how do I redirect those without TLS 1.2 to a web page where they can find out why they can't access. – JasonGenX Oct 01 '15 at 18:10

2 Answers

3

Unless the clients are accessing the site with regular HTTP before trying to go to HTTPS, they will not be able to be redirected. The webserver will not be able to create a successful encrypted channel, so the client would not be able to obtain any redirect.

Bad Dos
  • So what can be done that'll catch all http and https calls and redirect them to where they are told they must have TLS 1.2? I can't believe nothing can be done. – JasonGenX Oct 02 '15 at 16:33
1

Here you go. Edit as needed.

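# If the user is using an older version of TLS
# (nginx comments start with "#"; this goes in the HTTPS server block,
# and the older versions must still be enabled in ssl_protocols)
if ($ssl_protocol != "TLSv1.2") {
  return 302 /outdated;
}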
bentek
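A fuller nginx configuration that combines both answers, as an added example that is not part of either answer: the old protocol versions stay enabled so the handshake can complete, and the notice page is exempt from the check so the redirect does not loop. The server name, file paths and the `$tls_outdated` variable name are placeholders.

```nginx
# Added example; place in the http{} context.

# Classify the negotiated protocol once. $tls_outdated is a hypothetical
# variable name; $ssl_protocol is set by nginx's SSL module.
map $ssl_protocol $tls_outdated {
    default   1;   # TLSv1, TLSv1.1
    "TLSv1.2" 0;
    "TLSv1.3" 0;   # a bare != "TLSv1.2" test would also redirect TLS 1.3 clients
}

server {
    listen 443 ssl;
    server_name example.com;                              # placeholder

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    # The old versions must stay enabled: if the handshake fails, nginx never
    # sees a request and cannot send any redirect.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

    # The notice page must be reachable over the old protocol, so it is
    # exempt from the check; otherwise the redirect loops.
    location = /outdated {
        default_type text/html;                           # URI has no extension
        alias /var/www/notice/outdated.html;              # placeholder path
    }

    location / {
        if ($tls_outdated) {
            return 302 /outdated;
        }
        root /var/www/site;                               # placeholder path
    }
}
```

Because the handshake completes before the redirect is sent, the request itself, including any cookies the browser attaches, still travels over the older protocol version; marking session cookies `Secure` does not prevent that.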