I've researched this up the wazoo but to no avail. I have a page internally that requires TLS 1.1 or 1.2. If they're not on, you get an error:
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://SITEADDRESS again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
Obviously the fix is to turn on those cipher suites in IE. However what I would like to put into the page is a check, to preload something from the site, make sure it's visible/readable/loadable/whatever, then allow the user to move forward, OR, if whatever it is I'm checking cannot be rendered/read/etc, direct them elsewhere.
So what I've tried was doing a PHP file_get_contents of the SAME address
<?php
$contents = file_get_contents('https://SITEADDRESS');
echo "<pre>";
var_dump($contents);
echo "</pre>";
?>
However, it ends up being able to pull the page code and dump it out?!?!!? Which means it CAN access the page, yet, I know it can't because I get a TLS error when trying to load it normally.
The question is, how can I precheck a URL with TLS as a consideration before forwarding the user on to a page that might not render?
It appears you're mixing server-side and client-side.
I assume PHP is running server-side, and it definitely will not be affected by IE's (which I'm assuming is running client-side) choice of ciphers.
If that doesn't make sense, let me know and I'll give further utterance...
If I'm understanding correctly, you want your own logic running on the client (IE) to detect if the client (IE) can reach the URL.
You could try firing an asynchronous request via Javascript (e.g. https://api.jquery.com/jquery.get/ )
YMMV, I'm not sure if IE will pass the TLS error into your Javascript code or not. Assuming it does, you should be able to at least handle any error events (arising from the Javascript HTTP request) and assume the client should not try to proceed.
Loading this file in the head...
<script type="text/javascript" src="https://SITEADDRESS/api/start_session.js"></script>
Then checking for the existence of variable BG, where BG is a var from the loaded file. IF BG is undefined (doesn't exist) then something blocked access to the external domain and as such show/hide the DIV's appropriately so the user is never sent to the wrong site!
window.onload = function() {
if (typeof BG !== 'undefined') {
document.getElementById('test1').style.display = 'block';
document.getElementById('test2').style.display = 'none';
} else {
document.getElementById('test1').style.display = 'none';
document.getElementById('test2').style.display = 'block';
}
};