Redirect browser based on non-negotiable SSL/TLS protocol or cipher

I don't think it is a workaround if the server first negotiates the best cipher it can and then decides, based on the quality of the cipher, which page to serve to the client, e.g. the secure page or the fallback page for insecure ciphers. On this fallback page it can provide information about the problem or redirect the client to other information.

I don't see any advantage in building something like this into a future version of TLS, because it is much better to provide this information with a less secure cipher than not encrypted at all, as would happen if the negotiation failed completely.

But it would be nice if servers added support for easy use of this behavior, e.g. a way to distinguish between secure and less secure ciphers and make it easy to add error pages for the latter case. And of course everyone wants SSL Labs and others to be able to detect this behavior, so they don't get bad marks when supporting insecure ciphers just for these error messages.
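A sketch of the negotiate-then-decide approach from the answer above, added here as an illustration and not code from the original post. The weak-protocol set, the cipher pattern, the 128-bit threshold and `FALLBACK_URL` are assumptions to replace with your own baseline.

```python
import re
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed policy for this sketch; adjust to your own baseline.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER = re.compile(r"RC4|3DES|DES-CBC|NULL|EXP|MD5|anon", re.I)
FALLBACK_URL = "https://example.invalid/upgrade-your-browser"  # placeholder

def is_weak(protocol, cipher_name, secret_bits):
    """True if the negotiated parameters fall below the assumed policy."""
    if protocol is None or protocol in WEAK_PROTOCOLS:
        return True
    if secret_bits is not None and secret_bits < 128:
        return True
    return bool(WEAK_CIPHER.search(cipher_name or ""))

def route(protocol, cipher):
    """Map a negotiated session to (status, headers, body)."""
    name, _, bits = cipher if cipher else (None, None, None)
    if is_weak(protocol, name, bits):
        body = b"Your browser negotiated a weak TLS configuration.\n"
        # no-store so the redirect is re-evaluated after the client upgrades
        return 302, {"Location": FALLBACK_URL, "Cache-Control": "no-store"}, body
    return 200, {}, b"secure page\n"

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # self.connection is an ssl.SSLSocket once the listener is wrapped;
        # version() and cipher() report what this handshake negotiated.
        conn = self.connection
        status, headers, body = route(conn.version(), conn.cipher())
        self.send_response(status)
        for key, value in headers.items():
            self.send_header(key, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def serve(certfile, keyfile, port=8443):
    # Only sessions the context is willing to negotiate ever reach route().
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    httpd = HTTPServer(("127.0.0.1", port), Handler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

The weak branch returns only the notice and the redirect, so no sensitive content or session cookie is sent over the weak session.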
