Not sure if what I want to do is possible but currently I am redirecting
all HTTP/80 traffic to HTTPS/443 with the statement in the virtual host
section
Redirect / https://server.domain.com/
This works very nicely and redirects the traffic from HTTP to HTTPS
However I have run into a problem with older Android tablets,
specifically 7.0 or older and a "Let's Encrypt" certificate (see -
https://community.letsencrypt.org/t/letsencrypt-certificates-fails-on-android-phones-running-android-7-or-older
)
The data that is being served has no sensitivity so I can remove the
encryption altogether but I'd rather keep as much encrypted as possible.
I think I have 3 options
1) disable all forced encryption for this virtual host, if the client
chooses HTTPS I can serve it as HTTPS
2) is it possible to redirect traffic to HTTPS and if the certificate
comes back as unknown/invalid have the client reconnect via HTTP?
3) identify the Android version and either redirect to HTTPS if it is
>7.0 or leave it as HTTP if it is <= 7.0
I don't know about the feasibility of 2 or 3, I think once the client
fails with an unknown certificate the client then simply goes away and
reports an error to the user. Item #3 I don't think is known until
after the client successfully negotiates SSL.
Thoughts (other than telling users to dump 8yr old Android tablets)???
Thanks, Jeff
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
