https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #44 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 157789 merged by Dzahn:
gerrit: Enable StrictTransportSecurity max-age=7days
https://gerrit.wikimedia.org/r/157789
--
You are receiving this mail because:
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #43 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 157789 had a related patch set uploaded by Chmarkine:
gerrit: Enable StrictTransportSecurity max-age=7days
https://gerrit.wikimedia.org/r/157789
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #41 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148289 merged by Dzahn:
OTRS - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148289
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #42 from Daniel Zahn dz...@wikimedia.org ---
OTRS (ticket.wikimedia.org) - now This server supports HTTP Strict Transport
Security with long duration. (1 year)
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #40 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148285 merged by Dzahn:
bugzilla - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148285
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #36 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148285 had a related patch set uploaded by JanZerebecki:
bugzilla - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148285
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #37 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148289 had a related patch set uploaded by JanZerebecki:
OTRS - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148289
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #38 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148290 had a related patch set uploaded by JanZerebecki:
wikitech - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148290
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #39 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 148290 merged by Andrew Bogott:
wikitech - raise max-age for STS to 1 year
https://gerrit.wikimedia.org/r/148290
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #35 from chmark...@hotmail.com ---
Bugzilla: https://gerrit.wikimedia.org/r/#/c/148285/
OTRS: https://gerrit.wikimedia.org/r/#/c/148289/
Wikitech: https://gerrit.wikimedia.org/r/#/c/148290/
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #34 from Jan Zerebecki jan.wikime...@zerebecki.de ---
Yes, I think after no known issues with HSTS being enabled with 7day max-age
for 7 days, it makes sense to extend it. I don't know of any reason not to use
1 year. So let's go
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #33 from chmark...@hotmail.com ---
Could we now raise the max-age to 1 year or longer?
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #28 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 145495 had a related patch set uploaded by Krinkle:
StrictTransportSecurity for OTRS
https://gerrit.wikimedia.org/r/145495
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #29 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 145491 had a related patch set uploaded by Krinkle:
Enable StrictTransportSecurity for wikitech
https://gerrit.wikimedia.org/r/145491
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #30 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 145491 merged by Andrew Bogott:
Enable StrictTransportSecurity for wikitech
https://gerrit.wikimedia.org/r/145491
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #31 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 145495 merged by Dzahn:
StrictTransportSecurity for OTRS
https://gerrit.wikimedia.org/r/145495
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #32 from Daniel Zahn dz...@wikimedia.org ---
Just enabled it on OTRS a minute ago.
11:21 mutante !log OTRS - enabled STS, updated SSL cipher list, restarted
Apache on iodine
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Daniel Zahn dz...@wikimedia.org changed:
What|Removed |Added
CC||dz...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #26 from Daniel Zahn dz...@wikimedia.org ---
Wikitech: https://gerrit.wikimedia.org/r/#/c/145491/2
OTRS: https://gerrit.wikimedia.org/r/#/c/145495/
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Gerrit Notification Bot gerritad...@wikimedia.org changed:
What|Removed |Added
Status|NEW
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #27 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 145500 had a related patch set uploaded by Dzahn:
StrictTransportSecurity for lists.wm.org
https://gerrit.wikimedia.org/r/145500
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
chmark...@hotmail.com changed:
What|Removed |Added
CC||chmark...@hotmail.com
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #22 from fn...@outlook.com ---
bugzilla.wikimedia.org, wikitech.wikimedia.org and lists.wikimedia.org require
HTTPS connections. Could we enable HSTS on these domains first?
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #23 from Jan Zerebecki jan.wikime...@zerebecki.de ---
Yes, enabling those first is fine. The patch for bugzilla is at
https://gerrit.wikimedia.org/r/#/c/127256/ .
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
See Also|https://bugzilla.wikimedia. |
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #21 from Andre Klapper aklap...@wikimedia.org ---
*** Bug 67303 has been marked as a duplicate of this bug. ***
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
fn...@outlook.com changed:
What|Removed |Added
CC||fn...@outlook.com
--- Comment #20
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Jan Zerebecki jan.wikime...@zerebecki.de changed:
What|Removed |Added
Status|PATCH_TO_REVIEW |NEW
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #19 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 132393 had a related patch set uploaded by MZMcBride:
Improve nginx TLS/SSL settings.
https://gerrit.wikimedia.org/r/132393
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Gerrit Notification Bot gerritad...@wikimedia.org changed:
What|Removed |Added
Status|NEW
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Bug 38516 depends on bug 35313, which changed state.
Bug 35313 Summary: SSL cert invalid for bugzilla.wikipedia.org redirect
https://bugzilla.wikimedia.org/show_bug.cgi?id=35313
What|Removed |Added
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Nemo federicol...@tiscali.it changed:
What|Removed |Added
CC||federicol...@tiscali.it
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Bug 38516 depends on bug 36126, which changed state.
Bug 36126 Summary: *.mobile.wikipedia.org domains are using invalid SSL
certificate
https://bugzilla.wikimedia.org/show_bug.cgi?id=36126
What|Removed
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Bug 38516 depends on bug 36126, which changed state.
Bug 36126 Summary: *.mobile.wikipedia.org domains are using invalid SSL
certificate
https://bugzilla.wikimedia.org/show_bug.cgi?id=36126
What|Removed
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #16 from dkee...@mozilla.com ---
(In reply to comment #10)
Let's assume we need to turn off HSTS for a really great reason, like a
country
being blocked on HTTPS. How would those users get the expired header if they
can't reach
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #17 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #16)
(In reply to comment #10)
Let's assume we need to turn off HSTS for a really great reason, like a
country
being blocked on HTTPS. How would those users get
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #18 from Tyler Romeo tylerro...@gmail.com ---
(In reply to comment #16)
The weak point of HSTS is the first connection. By doing this, there would be
many more first connections for things to go wrong.
Yeah, this would be the
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #10 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #9)
Note that you can disable HSTS at any point by sending the header with an
expiry that already expired (similar to how it's done with cookies). This is
what
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Phillip Patriakeas dragonlordofxant...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #12 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #11)
Adding bug 35313 and bug 36126 as blockers per comment 4 (how is there no
tracking bug for invalid SSL certs?). I may be misunderstanding Roan's
comment,
though,
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #13 from Phillip Patriakeas dragonlordofxant...@gmail.com ---
(In reply to comment #12)
We're no longer serving invalid certs.
Okay, guess I should've actually read them. Sorry about that. =X
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Tyler Romeo tylerro...@gmail.com changed:
What|Removed |Added
CC||tylerro...@gmail.com
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Blocks||35079
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
dkee...@mozilla.com changed:
What|Removed |Added
CC||dkee...@mozilla.com
--- Comment
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Priority|Unprioritized |Low
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #1 from MZMcBride b...@mzmcbride.com 2012-07-20 06:42:07 UTC ---
I think you'd do this at the Squid level. The Squid configuration is in
Wikimedia's git repo somewhere...
--
Configure bugmail:
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Krinkle krinklem...@gmail.com changed:
What|Removed |Added
CC||krinklem...@gmail.com,
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Sam Reed (reedy) s...@reedyboy.net changed:
What|Removed |Added
Severity|normal |enhancement
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #3 from Ryan Lane rlan...@gmail.com 2012-07-20 21:58:15 UTC ---
We can turn it on by default for logged-in users right now. We can easily
handle that load.
To enable it for all users we'd need to expand the cluster so that every
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Roan Kattouw roan.katt...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #5 from Ryan Lane rlan...@gmail.com 2012-07-20 22:28:24 UTC ---
(In reply to comment #4)
(In reply to comment #3)
We can turn it on by default for logged-in users right now. We can easily
handle that load.
You should
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #6 from Roan Kattouw roan.katt...@gmail.com 2012-07-20 22:30:18
UTC ---
(In reply to comment #5)
Eh? Since when are we serving incorrect certificates? Do you mean for mobile?
https://wikipedia.com
https://wikipedia.net
https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #7 from Ryan Lane rlan...@gmail.com 2012-07-20 22:34:50 UTC ---
(In reply to comment #6)
(In reply to comment #5)
Eh? Since when are we serving incorrect certificates? Do you mean for
mobile?
https://wikipedia.com