But how do you do that? You'd have to have a non-https based landing page and then redirect to spdy based on user agent. If you actually care about SSL, the non-SSL landing page is an attack vector.
You could serve up HSTS records via http, which IE on XP doesn't support either. That'll ensure that all of your repeat visitors use https directly.
Also, many sites still serve up their unauthenticated homepages via http only, and such sites should have no problem checking for IE on XP and providing a link that'll work.
Depending on the nature of your traffic and how it arrives (e.g. via integration with third-party sites via scripts you've written), you might also have the opportunity to provide the appropriate fallback links to users before they ever reach your site for the first time.
And all of the above assumes you have enough IE-on-XP users to not just write them off entirely.
