== What is happening? ==
Secure connections to RCStream[1] currently use an SSL/TLS certificate[2]
specific to
stream.wikimedia.org. To streamline certificate management, we
are moving RCStream behind our misc caching cluster, which will allow us to
use the wildcard certificate[3] for *.wikimedia.org, making the
RCStream-specific certificate redundant. This will reduce operating costs
and improve performance in certain cases.
== When will this happen? ==
June 23rd.
== How could this affect me? ==
This change requires updating the DNS record for
stream.wikimedia.org. We
do not expect any service disruptions. It is conceivable (but unlikely)
that you will need to restart your client. If your client is based on one
of the published examples[4], you should be fine. If you are not sure, feel
free to get in touch with me (ori(a)wikimedia.org).
If you are connecting to RCStream over an insecure (http) connection, now
would be a great time to migrate to https. http access to RCStream will
eventually be disabled; migrating now will protect you from any
interruptions down the line. In most cases, making your client use https is
as simple as prefixing 'stream.wikimedia.org' with 'https://'. Sample
client code on Wikitech[4] has been updated.
== How can I track this work? ==
By following
https://phabricator.wikimedia.org/T134871.
[1]:
https://wikitech.wikimedia.org/wiki/RCStream
[2]:
https://en.wikipedia.org/wiki/Public_key_certificate
[3]:
https://en.wikipedia.org/wiki/Wildcard_certificate
[4]:
https://wikitech.wikimedia.org/wiki/RCStream#Clients