Affected components: MediaWiki core, all skins/extensions, Wikimedia Foundation product, third-parties.
Since January 2020, Wikimedia has not served traffic to browsers which do not support TLS 1.2 (T238038).
It doesn't really make sense to maintain Grade C support just for third party wikis that might be using very old browsers. Third parties can use MediaWiki 1.35 (LTS) until September 2023.
As mentioned in T262946#6512792, this means increasing our requirements to:
- Firefox 27+ (released 2014-02); from 3+
- Versions from 24+ can be configured to use TLS 1.2, but this is a very advanced feature, and they may not have the correct ciphers.
- Chrome 31+ (2013-11); from 1+
- 29+ has TLS 1.2, but not the correct ciphers
- Safari 9+ (2015-09, also grade A); from 3+
- 7+ has TLS 1.2, but not the correct ciphers
- Opera 18+ (2013-11); from 15+
- 16+ has TLS 1.2, but not the correct ciphers
- iOS (Safari) 9+ (2015-09), from 6.1+);
- 5+ has TLS 1.2, but not the correct ciphers
- Android 4.3+x browser (Chromium 89 WebView) or Google Chrome for Android or other browsers like Firefox Android; from 3+
- Ed: Not sure if we need to list individual users of Chromium WebView
IE 9-10 would be untouched by this, as both versions can be enabled to support TLS 1.2.
Opera 12 would have been able to support it too, but has already fallen out of basic support.
Focussing on Firefox, Chrome, Safari and Opera as biggest of the mentioned ones here, stats are all access restricted at turnilo.wikimedia.org:
Page views Jan 2020-Feb 2021. Jan 2020 as the TLS change and restricted access took place around there.
|Firefox 3-26 page views|
Firefox 3-26 between 2.1 and 5.4 million out of 3.6 to 4 billion total per weeks of 2021.
|Chrome 1-30 page views|
Chrome 1-30 between 1.6 and 1.8 million out of 3.6 to 4 billion total per weeks of 2021.
|Safari 1-7 page views|
Safari 1-7 between 550k and 770k out of 3.6 to 4 billion total per weeks of 2021.
|Opera 15-17 page views|
Opera 15-17 between 2 and 17 (!!) views out of 3.6 to 4 billion total per weeks of 2021.
Extended motivation, or what would this enable us
Following features would now be fully supported (HTML, CSS, SVG, WAI-ARIA, PNG, WOFF, only excluding JS features as Grade A specifics) without hacks, workarounds or fallbacks:
- Audio element
- CSS3 Background-image options
- CSS3 Border-radius (rounded corners)
- Canvas (basic support)
- Text API for Canvas
- contenteditable attribute (basic support)
- CSS background-position edge offsets
- CSS3 Box-shadow
- CSS Counters
- ::first-letter CSS pseudo-element selector
- CSS first-line pseudo-element
- CSS position:fixed
- CSS Generated content for pseudo-elements
- letter-spacing CSS property
- CSS3 Media Queries
- CSS namespaces
- CSS3 Opacity
- CSS 2.1 selectors
- CSS3 selectors
- CSS Table display
- CSS3 Colors
- CSS currentColor value
- Document Object Model Range
- @font-face Web fonts
- naturalWidth & naturalHeight image properties
- CSS inline-block
- Selection controls for input & textarea
- CSS min/max-width/height
- MP3 audio format
- CSS3 Multiple backgrounds
- PNG alpha transparency
- readonly attribute of input and textarea elements
- Server Name Indication
- Inline SVG in HTML5
- SVG in HTML img element
- tabindex global attribute
- CSS3 Text-overflow
- Video element
- WOFF - Web Open Font Format
- XHTML served as application/xhtml+xml
The following would become at least partially supported:
- :indeterminate CSS pseudo-class
- AAC audio file format
- autocomplete attribute: on & off values
- calc() as CSS unit value
- ch (character) unit
- Cross-Origin Resource Sharing
- CSS3 word-break
- defer attribute for external scripts
- disabled attribute of the fieldset element
- maxlength attribute for input and textarea elements
- rem (root em) units
- SVG effects for HTML
- SVG in CSS backgrounds
- Viewport units: vw, vh, vmin, vmax
- WAI-ARIA Accessibility features
- X-Frame-Options HTTP header