I was thinking Haproxy could be used to block any non-TLS connection.... Like you can with iptables: https://blog.g3rt.nl/take-down-sslv3-using-iptables.html
However it would be nice if you had users trying to connect via IE6/7 etc on XP to display a nice message like, please upgrade to a secure browser chrome or firefox etc? Is that easy to do? -- Regards, Malcolm Turnbull. Loadbalancer.org Ltd. Phone: +44 (0)330 1604540 http://www.loadbalancer.org/
