The only way I know is recognizing a finite present-day set of crappy HTTP-only User-Agents, forcing an HTTPS redirect for everything else.
I'm not aware of any good reason for server implementations to remove ciphers from the (non-authenticated) client's choice of ciphers.
-
You just need to protect against MITM downgrade attacks.
-
Removing support for old TLS versions and ciphers seems like a good thing to me. But that only happens on the client then?
-
Unless the server is using TLS to authenticate the identity of the client (client certs), the server has no reason to disallow old versions/ciphers.
-
If you are using TLS to authenticate identity (as a client does of the server), downgrade attacks are a threat to that.