On Wed, Oct 15, 2014 at 11:11 AM, Mark Bergsma <mark@wikimedia.org> wrote:

I think if we can't allow secure HTTPS by keeping SSL 3.0 enabled, we
should probably disable it even if it breaks a small number of
requests. 1.5% doesn't seem insignificant though. Obviously we'd need
to communicate that very well, as we don't seem to have good options
for doing any sort of fallback to HTTP. I guess it also depends on
what the public awareness of this issue will be...

I should clarify that the 1.5% figure there is http+https combined (I think) so the actual figures for https will be lower.

In practical terms I think no https would mean not being able to edit as a registered user, anon edit still works over http.

+1 to clearly communicate this, perhaps on the "https entry points" e.g. login button at least while http is still the default.