Hi,
On Thu, Jun 25, 2015 at 10:38 AM, Deryck Chan deryckchan@wikimedia.hk wrote:
Recently Wikimedia sites switched to https-only for privacy reasons
I think the reasons are a bit more complex (and numerous) than that.
and the https certificate has been updated to prevent access altogether where a secure connection couldn't be established.
What does this mean? anyway, I don't think it's accurate. (maybe you mean the 301 or maybe you mean HSTS? neither of those relates to the certificate)
This is a problem because some schools and companies deliberately eavesdrop https for monitoring purposes by inserting an in-house https certificate. Wikimedia's switch to https-only is preventing people from such networks from even *reading* Wikipedia.
This snooping is probably unnecessary and unwarranted. (and probably also not comprehensive. people can find ways to tunnel. e.g. https://packages.debian.org/sid/iodine )
Others have speculated about this place may have something misconfigured. (e.g. how did it ever work for bank sites?) Anyway, I'll wait for you to provide more details and establish this is a real problem and not the client's problem before discussing it any further.
Is there a compromise that can be sought?
I don't think so.
-Jeremy