Jun 18 2015
Jun 14 2015
Jun 13 2015
I noticed that HSTS was enabled for English Wikipedia following the announcements here. But why is the max-age only 1 day? Is that just for now while we test it out?
It is good to be careful but I am sure the WMF will keep the servers listening on HTTP and serve 301 redirects to HTTPS.
May 10 2015
Information: Mozilla announced plan to deprecate Non-Secure HTTP: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
Apr 17 2015
I see. Just for your reference, the English Wikipedia community had a discussion (https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(proposals)/Archive_120#Should_Wikipedia_use_HTTPS_by_default_for_all_readers.3F) about this and while many points were made on both sides, the conclusion from that community was that this issue is to be decided by the WMF/developers. So good luck with your analysis, and I hope that any possible issues can be resolved soon so that we can make the switch in the near future. Thanks.
I see that the HTTPS infrastructure is now able to serve HTTPS-by-default (https://www.mediawiki.org/w/index.php?title=Wikimedia_Engineering%2F2014-15_Goals&diff=1535407&oldid=1519260). That's great! Any updates on the actual implementation? Thanks.
Mar 28 2015
That's great to hear! Thanks.
Mar 25 2015
Just to let everyone know, HTTPS traffic to desktop Wikimedia sites is no longer blocked in China. However, HTTPS to the mobile sites is still disrupted. I say this from personal experience, but here is a site to back it up: https://en.greatfire.org/https/en.wikipedia.org
Dec 15 2014
While there is not an official consensus yet, there are currently 12 supports and 0 opposes at the English Wikipedia Village Pump.