Enable full HTTPS redirecting old-client to an outdated page, explaining how to upgrade the browser
This ticket, related to #18500, is to enable full HTTPS redirecting old-client to an outdated page, explaining how to upgrade the browser .
The goal is simple: a) no *.videolan.org should be serving any file in HTTP in clear text. b) all legacy clients, such as IE6, IE8, Java, Android 2.3 supporting SSLv2, SSLv3, TLS 1.0 should be served in HTTPS an outdated information page, explaining how to improve the security of their device, in order to download safely VLC.
An interesting approach to do that is described on the Qualys forum, leveraring $ssl_protocol version checking to detect and then force outdated clients to receive over an "unsafe HTTPS ciphers" (yet HTTPS, in order to abandon HTTP) an information page explaining how to improve.
It's a valuable resource and responsibility to inform those end-users, whose device are being exploited by any kind of malware, of the risks they are experimenting and how to improve their web browsing.