On Thu, Jan 4, 2024 at 7:15 PM Jeffrey Ross via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Not sure if what I want to do is possible but currently I am redirecting > all HTTP/80 traffic to HTTPS/443 with the statement in the virtual host > section > > Redirect / https://server.domain.com/ > > This works very nicely and redirects the traffic from HTTP to HTTPS > > However I have run into a problem with older Android tablets, > specifically 7.0 or older and a "Let's Encrypt" certificate (see - > https://community.letsencrypt.org/t/letsencrypt-certificates-fails-on-android-phones-running-android-7-or-older > ) > > The data that is being served has no sensitivity so I can remove the > encryption altogether but I'd rather keep as much encrypted as possible. > > I think I have 3 options > 1) disable all forced encryption for this virtual host, if the client > chooses HTTPS I can serve it as HTTPS > 2) is it possible to redirect traffic to HTTPS and if the certificate > comes back as unknown/invalid have the client reconnect via HTTP? > 3) identify the Android version and either redirect to HTTPS if it is > >7.0 or leave it as HTTP if it is <= 7.0 > > I don't know about the feasibility of 2 or 3, I think once the client > fails with an unknown certificate the client then simply goes away and > reports an error to the user. Item #3 I don't think is known until > after the client successfully negotiates SSL. > > Thoughts (other than telling users to dump 8yr old Android tablets)??? There may be a 4th option... install LineageOS. Lineage is a fork of Android minus most of the Google specific stuff. Lineage will handle contemporary Let's Encrypt certificates, and will not run into trouble at the end of the year when LE drops support for the older Android devices. Cf., <https://letsencrypt.org/2020/12/21/extending-android-compatibility.html>. I've been using the custom Android forks dating back to CyanogenMod. In fact, LineageOS is a direct descendant of CyanogenMod from a 2016 fork. I just bought a new Samsung Galaxy S6 Lite on Amazon Prime day. The tablet is targeted for a LineageOS refresh as soon as I get some free time. Jeff -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
