We're updating our nginx config to remove some older/less secure cipher suites.
For the overwhelming majority of cases this shouldn't cause any issues; however, older versions of Windows (and very early versions of Windows 10) will not be able to negotiate a connection, as there will be no cipher suites in common.
We're taking a "secure by default" approach but will allow users to downgrade the security of their deployment if the change causes them issues.
My question is ...
Can I get nginx to redirect to an error page if SSL negotiation fails?
[presumably over HTTP, although I could live with running a different, insecure, server/config to serve a single error file]
I note Cloudflare have adopted HTTP 525 to indicate "SSL negotiation failed", but in their case they're 2-hop and are thus reporting their own failure to connect downstream, rather than handling a failure to connect to Cloudflare itself, so I can't see any easy way to leverage this (plus it's non-standard).