Hi all,
Since January 2020, Wikimedia has not served traffic to browsers which do
not support TLS 1.2 [0]. We would like to bump basic MediaWiki software
stack support to exclude those very old browsers as well.
Our MediaWiki core, extensions and skins basic browser support matrix still
includes some end-of-life browsers published between 2007 and 2013 that are
only supporting the now insecure ciphers of TLS 1.0 and 1.1.
We've gathered stats [1] emphasizing the relatively small access
expectations. Now we want to push software stack support to align to those
browser versions already in place as minimum in Wikimedia hosted
MediaWikis.
We're continuing to provide support for browsers published from 2013 on!
Note that Internet Explorer 9 and 10 are unaffected by this proposed change
as well for the moment. See the specific list on task. [1]
What's to win:
A great number of design and layout features (CSS, SVG and WAI-ARIA, see
the list [2]) which we currently just exceptionally use in some products or
via extra effort, performance impacting hacks and workarounds, and
maintenance on the developer side.
Current support is slowing down some advances in Desktop Improvements and
other front-end work.
What's to lose:
Possible layout issues in third party MediaWikis still targeting those
end-of-life browers. Content access should be untouched there.
If there are no objections within the next 10 days, we're going to amend
the support matrix with aforementioned TLS 1.2 supporting browsers as the
minimum.
Please let us know about any objections or further inputs, preferably on
task.
Thanks and best regards,
Volker
[0] - https://phabricator.wikimedia.org/T238038
[1] - https://phabricator.wikimedia.org/T238038
[1] - https://phabricator.wikimedia.org/T266866
[2] - https://phabricator.wikimedia.org/T266866#6591703
---
Volker E.
Lead UX Engineer
Desktop Improvements/Design System
Wikimedia Foundation