.htaccess for SSL via SNI to prevent the certificate-error for unsupported browsers. Always share http links and https will be used if supported. Otherwise the connection will be http. SNI is not supported on IE on Windows XP (5 - 8) and Android < 4.x __Important Note__ Don't use this .htaccess if you need HTTPS for all your clients. It is just …

.htaccess

# HTTP(S) Stuff
# Redirect all users except IE 5-8 & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !MSIE\ [5-8]
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*)  https://%{HTTP_HOST}/$1   [L]

Awesome! 👍
But I like DEUTSCHSkript even better.

I think it's better...:
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)

for Japan, it's better (include non-SNI Japan cell-phones):
(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|UP\.Browser\/|DoCoMo/\d\.|SoftBank\/\d\.|Android.*(Mobile)?\ [0-2]\.)

and for IIS (note that this is example):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP → HTTPS (if SNI OK)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
                </rule>
                <rule name="HTTPS → HTTP (if SNI NG)" stopProcessing="false">
                    <match url="^(.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" />
                        <add input="{HTTP_USER_AGENT}" pattern="(MSIE [1-6]\.|MSIE [78]\.\d\; Windows NT 5\.|Android.*(Mobile)?\ [0-2]\.)" negate="false" />
                    </conditions>
                    <action type="Redirect" url="http://{HTTP_HOST}/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

meaku - thanks for this! Any chance you can help me add a line so Windows Phone 8.1 / Nokia Lumia 1020 (NOKIA 909) so it will not be ssl? I have discovered an issue with the certificates on this phone. I also need a way to troubleshoot it - how do I add a line so I can see Internet Explorer 11 is or is not switching to https:// or http:// - Thanks!

I try the following and get no errors but it is not changing the ssl as I need - what am I missing?

# Redirect all users except windows phone 8 ... & Android < 4 to HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_USER_AGENT} !windows\ phone\ 8\.
RewriteCond %{HTTP_USER_AGENT} !Lumia\ 1020
RewriteCond %{HTTP_USER_AGENT} !MSIE\ 11\.
RewriteCond %{HTTP_USER_AGENT} !Android.*(Mobile)?\ [0-3]
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L] 

y59, not everyone has access to the server config file, but many do have edit power over .htaccess. Therefore, how would you reformat your suggested code for use in .htaccess?