show a message to the user that to use TLS only in the browser
That step seems unnecessary, since SSL support in browsers is already being deprecated fast. Also, if your target audience isn't a technically sophisticated one, they will struggle to understand what that means, and how to change that setting.
Overall, this two-phase approach seems misguided. I don't see a big benefit in keeping SSL active on the server at this point, and there's the huge downside that you're opening yourself up to attack (which IMO overrides whatever benefits there may be).