Seems we had the protocols listed explicitly (to disable SSL2) and TLS1.1/1.2 weren't available in the past when we were using Ubuntu 10.04. We've been on 12.04 for a while, but the protocol list wasn't updated. I'm pushing an updated config now. Thanks for letting us know!


On Mon, Jul 29, 2013 at 11:43 AM, Greg Grossmeier <greg@wikimedia.org> wrote:
Hi 0x0000,

<quote name="0x0000" date="2013-07-28" time="23:35:19 +0200">
> hi,
> recently i tested several sites who are using https, most of them
> communicate with my chromium-webbrowser over TLS 1.1, but
> wikipedia/wikimedia still is using TLS 1.0.
> ssllabs (see link below) shows a warning notice that you should
> upgrade to the newer version, i dont think there is a urgent
> security reason for this but even if its only preventive upgarding
> wouldn't be wrong, right?
>
> example:
> https://encrypted.google.com/ TLS 1.1
> https://mega.co.nz/ TLS 1.1
> https://www.ixquick.com/ TLS 1.1
> https://btc-e.com/ TLS 1.1
> https://www.wsws.org/ TLS 1.1
> https://linksunten.indymedia.org/ TLS 1.1
> https://en.wikipedia.org TLS 1.0
> https://commons.wikimedia.org/ TLS 1.0
> https://www.taz.de/ TLS 1.0
> https://duckduckgo.com/ TLS 1.0
>
>
> https://www.ssllabs.com/ssltest/analyze.html?d=https://en.wikipedia.org
>
>
> hopefully at the right mailinglist, greetings 0x0000@anche.no

In this reply I just included wikitech-l@lists.wikimedia.org, which is
probably a better place than the Wikidata specific mailing list.

Best,

Greg

--
| Greg Grossmeier            GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg                A18D 1138 8E47 FAC8 1C7D |

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l