
Can I support weak ciphers in web server level but restrict access to the application when someone uses weak ciphers?


No, you should not do that. This is a process where the web server supports connections with weak ciphers, but the application informs the user that they cannot continue unless they change their browser and establish a new connection with a stronger cipher. These ciphers are called “weak ciphers” because they are feasibly crackable with decent computing power. Basically, data transmitted over weak ciphers is highly vulnerable to cracking. Therefore, an attacker can sniff this data, then crack it and view the transmitted data later. This is dangerous because, depending on the application, it might transfer cookies over these weak-cipher connections (obviously including cookies marked as secure). Even though the application will inform the user that they cannot keep using the application, this first request will send an HTTP request over a non-SSL connection, and an attacker can see this request. An attacker can force the victim to make this first request from another website in many different ways, such as an iframe. It’s
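The alternative to an application-level check is to refuse weak suites at the TLS layer, so the handshake fails before any request or cookie is sent. The following is an added example, not part of the original answer: the cipher string, the `WEAK_MARKERS` policy, the sample client offers and the helper names are assumptions, and `would_negotiate` only compares suite names (it ignores certificate type and protocol version).

```python
import ssl

# Assumed policy for this example: substrings of OpenSSL suite names treated as weak.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

# Constructed client offers (OpenSSL suite names), not captured traffic.
WEAK_ONLY_CLIENT = ["RC4-SHA", "DES-CBC3-SHA", "EXP-RC4-MD5"]
MODERN_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]


def hardened_server_context():
    """Server-side context that only enables forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Explicit exclusions guard against a permissive OpenSSL default list.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def weak_ciphers(ctx):
    """Names of enabled suites matching a weak marker; should be empty."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(m in c["name"].upper() for m in WEAK_MARKERS)]


def would_negotiate(ctx, client_offer):
    """True if the server context enables at least one suite the client offers.

    When this is False the handshake fails, so the client never sends the
    HTTP request (or its cookies) over a weak connection.
    """
    enabled = {c["name"] for c in ctx.get_ciphers()}
    return any(name in enabled for name in client_offer)


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("weak suites enabled:", weak_ciphers(ctx))
    print("weak-only client connects:", would_negotiate(ctx, WEAK_ONLY_CLIENT))
    print("modern client connects:", would_negotiate(ctx, MODERN_CLIENT))
```

Running `weak_ciphers` against the context a server actually uses is a quick audit that no weak suite is still enabled.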
