: How to let users know that the site is available over HTTPS? My websites are now available over HTTPS, but I don't want to make that the default at this point: My canonical URLs are still

@YK1175434

You could simple make a button/link with a text like "This site is in https, click here to view via https", maybe add a little warning "might not function 100%".

Https Everywhere works with a whitelist. Can't find how-to real quick, but this rulsets page might help. I'm not aware of any preference or setting in the browser. You can't send a header "https, if you want". You're the webmaster, you decide.
You don't need to suggest a protocol to the browser, they'll try their best method automaticaly (e.g.: FF/Chrome will choose TLS over SSL )

You might want to use ssllabs.com/ssltest/analyze.html?d=example.com to check your configs, protocol support and suggestions how to improve.



offtopic (before the edit, with SSL and HTTPS wrongly used interchangeable):
SSL is not really supported anymore. The POODLE attack is again SSLv3, the solution is turning off SSL3. "But wait! Than what do I use, SSLv3 is the lastest version, should I go back to v2?!"

Nope. Modern browsers support TLSv1.0 to TLSv1.2 (1.0 has broad support, 1.1 and 1.2 not yet).
It's fairly safe to turn off SSL, forcing browser to TLS (which, again, is the first try of mordern browsers anyways).
The only browser which is gonna have a problem with that is: IE6.


An https connection can be established via SSL (but really shouldn't), or
An https connection can be established via TLS (this is preferred)

Vote Up Vote Down