On Tue, Feb 15, 2011 at 9:35 PM, MZMcBride <[email protected]> wrote: > Well, as someone else somewhat noted in this thread, Aryeh isn't completely > correct. The Toolserver has external APIs and services that are used via > JavaScript from Wikimedia wikis. More information is available about the > Toolserver here: <https://wiki.toolserver.org/view/FAQ>.
I had the toolserver in mind when I worded my post. It's run by Wikimedia Deutschland, which for our purposes is *not* an external site. If working HTTPS for everything on the toolserver were needed, we could arrange that easily. > I appreciate you sharing your experience. Part of the resourcefulness of > this list is learning how others have implemented solutions, including > understanding what worked well and what didn't and why. Seconded. On Wed, Feb 16, 2011 at 5:26 PM, Platonides <[email protected]> wrote: > Wouldn't each page view mean a connection, and a ssl handshake? Or are > you thinking on keep-alives? As I understand it, both clients and servers will cache TLS handshakes across connections, because they're so expensive. TLS has the notion of sessions, and allows resuming from a session if both parties remember the shared secret from that session. I have no idea how good the cache hit rate is in practice. I doubt it would last thirty days, which is how often most regular users presumably log in, but I'd be surprised if it didn't last at least the length of a browsing session. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
