On Wed Aug 21, 2024 at 10:15 AM PDT, Brett Cornwall wrote:
The Wikimedia Foundation uses HTTPS to protect users from eavesdropping
and tampering of Wikimedia project pages [1]. As time passes, security
protocols gain advancements while weaknesses hamper established
protocols. WMF monitors such developments and adjusts ciphers/protocols
to provide a secure and performant browsing experience.

Wikimedia projects serve RSA and ECDSA certificates; RSA certificates
will be removed soon. Wikimedia projects are to serve only ECDSA
certificates going forward [2]. RSA certificate usage comprises a
fraction of traffic (~0.1%). Additionally, RSA continues weakening in
security and increases our cost/overhead of certificate issuance (we pay
twice for certificates: once for ECDSA and once for RSA).
[...]

Over the last month we served occasional warning pages to browsers
connecting via the RSA certificates. We increased the frequency of such
warnings over time; today, all affected users will be receiving that
error page. Next Monday, 2024-12-02, the RSA certificates will be
removed and clients that do not support ECDSA will experience
connectivity issues.

_______________________________________________
Wikitech-l mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/