The Wikimedia Foundation uses HTTPS to protect users from eavesdropping
on and tampering with Wikimedia project pages [1]. As time passes, security
protocols gain advancements while weaknesses hamper established
protocols. WMF monitors such developments and adjusts ciphers/protocols
to provide a secure and performant browsing experience.

Wikimedia projects serve RSA and ECDSA certificates; RSA certificates
will be removed soon. Wikimedia projects are to serve only ECDSA
certificates going forward [2]. RSA certificate usage comprises a
fraction of traffic (~0.1%). Additionally, RSA continues weakening in
security and increases our cost/overhead of certificate issuance (we pay
twice for certificates: once for ECDSA and once for RSA).

In the distant future, WMF also intends to deprecate TLS 1.2 in favor
of TLS 1.3 [3]. TLS 1.3 provides security and performance improvements
and already comprises the majority of Wikimedia project traffic (TLS 1.2
traffic accounts for less than 4 percent of traffic to Wikimedia sites).
Note that this deprecation is not scheduled anytime soon! We merely want
to start coordinating with community members and projects to begin the
transition. This mail only serves as a preliminary announcement of
intent to eventually deprecate TLS 1.2, not as an official deprecation
warning.

[1] https://wikitech.wikimedia.org/wiki/HTTPS
[2] https://phabricator.wikimedia.org/T370837
[3] https://phabricator.wikimedia.org/T367821

_______________________________________________
Wikitech-l mailing list -- [email protected]
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
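
For operators of bots and tools that talk to Wikimedia sites, the following is an added example (not part of the original mail and not WMF code) that classifies a client's cipher list against the two announced changes. The verdict labels and the sample cipher lists are constructed for illustration; it assumes the client's TLS library enables ECDSA signature algorithms for TLS 1.3, as OpenSSL does by default.

```python
import ssl

def assess(ciphers, tls13_available):
    """Classify a client cipher list against the announced changes.

    ciphers: list of dicts shaped like ssl.SSLContext.get_ciphers() output
    (only the "name" and "protocol" keys are used).
    """
    tls13 = tls13_available and any(c["protocol"] == "TLSv1.3" for c in ciphers)
    # Suites introduced before TLS 1.3 are the ones a TLS 1.2 handshake can use.
    legacy = [c["name"] for c in ciphers if c["protocol"] != "TLSv1.3"]
    # In TLS 1.2 the certificate key type is tied to the suite name
    # (ECDHE-ECDSA-... vs ECDHE-RSA-...). In TLS 1.3 it is negotiated through
    # signature_algorithms instead; assumption: ECDSA is enabled there.
    ecdsa12 = [n for n in legacy if "ECDSA" in n]
    if tls13:
        verdict = "ok"                        # survives both changes
    elif ecdsa12:
        verdict = "ok-until-tls12-removed"    # survives RSA removal only
    else:
        verdict = "breaks-when-rsa-removed"   # needs an RSA certificate today
    return {"tls13": tls13, "tls12_ecdsa_suites": ecdsa12, "verdict": verdict}

def local_report():
    """Run the same classification on this interpreter's default TLS client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return assess(ctx.get_ciphers(), ssl.HAS_TLSv1_3)

# Constructed sample cipher lists (not captured from real clients).
MODERN = [{"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3"},
          {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"}]
TLS12_ECDSA = [{"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
               {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"}]
RSA_ONLY = [{"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
            {"name": "AES128-SHA", "protocol": "TLSv1.0"}]

if __name__ == "__main__":
    for label, sample in (("modern", MODERN), ("tls12-ecdsa", TLS12_ECDSA),
                          ("rsa-only", RSA_ONLY)):
        print(label, assess(sample, True)["verdict"])
    print("this interpreter:", local_report())
```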