Page MenuHomePhabricator

Clean up DNS/redirects for TLS
Closed, ResolvedPublic

Description

This is a meta-task to collect up all of the related tasks for dealing with various cases of legitimate, functional domainname endpoints that browsers can hit for insecure redirects currently, which do not match our SSL certs.

Related Objects

StatusAssignedTask
OpenBBlack
ResolvedBBlack
ResolvedArielGlenn
ResolvedChmarkine
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedCCogdill_WMF
DeclinedBBlack
DuplicateBBlack
ResolvedBBlack
ResolvedNone
DeclinedKrinkle
ResolvedJgreen
ResolvedChmarkine
ResolvedBBlack
ResolvedKrenair
ResolvedJgreen
ResolvedRobH
DuplicateNone
ResolvedBBlack
InvalidNone
ResolvedBBlack
ResolvedDzahn
Resolvedezachte
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedDzahn
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack
ResolvedBBlack

Event Timeline

BBlack created this task.Jun 17 2015, 3:19 PM
BBlack raised the priority of this task from to Needs Triage.
BBlack updated the task description. (Show Details)
BBlack added projects: acl*sre-team, Traffic.
BBlack added a subscriber: BBlack.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 17 2015, 3:19 PM
BBlack added a subscriber: faidon.Jun 17 2015, 3:36 PM

I imagine https://gerrit.wikimedia.org/r/#/c/219228/1 is going to put us in a similar situation with T88731 (redirects in place, but invalid SSL certs getting in the way for encrypted requests)?

Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 6 2015, 5:27 PM
BBlack moved this task from Triage to In Progress on the Traffic board.Jul 9 2015, 10:08 PM
Joe triaged this task as Normal priority.Jul 13 2015, 2:11 PM
Joe set Security to None.
BBlack moved this task from In Progress to Up Next on the Traffic board.May 9 2016, 6:45 PM
BBlack closed this task as Resolved.Jul 27 2016, 7:05 PM
BBlack claimed this task.

The title wording is unclear, which is perhaps why this ticket lingered open. However, from the subtasks it's clear this was about exception cases within our canonical second-level domainnames. Non-canonicals and the remaining non-standard one-off legitimate sites are all covered in other, open tickets.