Switching production traffic to Apache Traffic Server
The plan to replace Varnish as the on-disk HTTP cache component of our CDN with Apache Traffic Server is starting to take shape.
Wikipedia goes 100% Forward Secret
On August 1st, we finished up a 6 week transition process which eliminated the last non-forward-secret cipher supported by our TLS termination, which was bare AES128-SHA. This change guarantees that all TLS connections to Wikipedia and its sister projects use cipher suites that provide forward secrecy. Wikipedia is the first major high-traffic site to take this step.
Traffic is the sub-team of the Wikimedia Foundation's Site Reliability Engineering team that takes care of our public facing edge network. Some of the things we manage at the public edge include: TLS connection termination and policy, content caching, internal request routing, remote PoPs, Internet peering, global load balancing, and authoritative DNS.