On Wed, Oct 15, 2014 at 5:32 AM, Antoine Musso hashar@free.fr wrote:
Le 15/10/2014 12:23, Filippo Giunchedi a écrit :
<snip> > I should clarify that the 1.5% figure there is http+https combined (I > think) so the actual figures for https will be lower. > > In practical terms I think no https would mean not being able to edit as > a registered user, anon edit still works over http. > > +1 to clearly communicate this, perhaps on the "https entry points" e.g. > login button at least while http is still the default.
That would prevents those users from logging in entirely since by default users have the preference 'prefershttps' set.
Worse, we always require https on the form that accepts the user's password. So all logins for IE6+XP users will be broken.
Updating the hook would be possible. Probably better than not turning off ssl3 to the main sites though. What about just running a banner on the site for IE <6 users, telling them that ssl is disabled and soon they won't be able to login at all, we disable ssl3, and we temporarily put the CanIPUseHTTPS hook in to not force IE <6 users to https. After 90 days or so, we pull that part out of the hook, and IE6 users just have to deal with not being able to login?
A workaround would be to hook in CanIPUseHTTPS to look for the user agent and thus indicate that the IP can not use https which would skip the redirect to a HTTPS login page.
-- Antoine "hashar" Musso
Ops mailing list Ops@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/ops