On Mon Dec 2, 2024 at 1:16 PM PST, Brett Cornwall wrote:
On Mon Nov 25, 2024 at 6:05 PM PST, Brett Cornwall wrote: > On Wed Aug 21, 2024 at 10:15 AM PDT, Brett Cornwall wrote: > > The Wikimedia Foundation uses HTTPS to protect users from eavesdropping > > and tampering of Wikimedia project pages [1]. As time passes, security > > protocols gain advancements while weaknesses hamper established > > protocols. WMF monitors such developments and adjusts ciphers/protocols > > to provide a secure and performant browsing experience. > > > > Wikimedia projects serve RSA and ECDSA certificates; RSA certificates > > will be removed soon. Wikimedia projects are to serve only ECDSA > > certificates going forward [2]. RSA certificate usage comprises a > > fraction of traffic (~0.1%). Additionally, RSA continues weakening in > > security and increases our cost/overhead of certificate issuance (We pay > > twice for certificates: Once for ECDSA and once for RSA). > [...] > > Over the last month we served occasional warning pages to browsers > connecting via the RSA certificates. We increased the frequency of such > warnings over time; Today, all affected users will be receiving that > error page. Next Monday, 2024-12-02, the RSA certificates will be > removed and clients that do not support ECDSA will experience > connectivity issues.Removal was scheduled for today but we're going to move it to tomorrow for timing purposes. Thanks for your patience!
As of this hour, RSA certificate support has been removed.
signature.asc
Description: PGP signature
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
