How can I configure apache to redirect user to a non ssl page, if the TLS connection negotiation fails (i.e. they don't agree on a common SSL protocol with supported cipher)
It is using mod_ssl, apache : 2.4.6
I understand that it doesn't even make connection when it fails to agree on something common to establish TLS connection, so serving response with header redirect isn't a straight option
You can't. If a browser accepted a redirect from an unauthenticated (read: likely impostor) website after it failed to make a secure connection to the actual secure website, I'd be livid. That would be a pretty dire security flaw.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments