You are not logged in.
I have an Apache server configured using the default httpd-ssl.conf for SSL/TLS.
If I go to mydomain.com, SSL doesn't work. However, if I go to https://mydomain.com, SSL works fine.
I've seen things that use RewriteEngine to forward all HTTP traffic to HTTPS. However, I've set up my httpd.conf to allow only very secure encryption algorithms and only TLS 1.2. If I use a RewriteEngine, older browsers won't be able to access the website at all.
Is there any way to make Apache use HTTPS by default on browsers that support the encryption required by the server and have it fall back to HTTP if the browser doesn't support it?
(The goal is to not have to explicitly type https:// for SSL but still allow older browsers to access the website over HTTP).
Offline
Totally unknown with respect to web hosting.
Maybe it's just a browser problem. Perhaps you should write a small script for the http domain to check for supported browsers and redirect those to the https part?
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
Offline
It shouldn't be a browser problem, as it happens in both Firefox and Chromium.
I'll look into making a script that auto-HTTPSs based on the browser, but currently OwnCloud can auto-HTTPS so there's not much of a problem.
Offline
If I use a RewriteEngine, older browsers won't be able to access the website at all.
How do you figure?
First thing, when you specify http in a browser, it's going to connect using port 80. https will use port 443.
Without a redirect, how do you expect a browser to automatically use port 443?
Or are you wanting the apache to do TLS over port 80?
Offline
I thought that browsers would automatically use https when available. I always type bbs.archlinux.org, not https://bbs.archlinux.org, and it always uses https without me specifying it.
Since the server is configured to use only TLS 1.2 and a few very strong ciphers, older IE/FF/Chrome versions wouldn't be able to use the website if a RewriteEngine was used, because it would be forced to use a protocol which it wouldn't support.
Now that I think of it, sites like this probably use a redirect too so my question isn't really valid.
Offline
An easy way to test is with curl and the option to view headers only.
$ curl -I http://bbs.archlinux.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.4.5
Date: Sun, 23 Feb 2014 17:01:12 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://bbs.archlinux.org
As you can see, the server is redirecting the user agent (broswer) to use https.
Offline