- https://bugzilla.wikimedia.org/show_bug.cgi?id=20643 -- Serve SSL/HTTPS
sites out of same domain names as HTTP access: https://en.wikipedia.org/
This'll need more work as it has to deal with the offsite proxies, multiple domains, etc. But it's been on the slate for a long time and we did some live experiments in 2007 that looked positive; if done it'll make the SSL views of the site friendlier to use, and smart session/cookie management could keep people form having to manually bounce themselves between SSL and non-SSL links.
This is the only reliable way of doing HTTPS, and will be the method I use to attack this problem. Basic SSL termination should work fairly well with this, but we will likely need to do some network trickery to make this work as we want. We don't want to run the SSL termination on the same hardware as our non-SSL proxies, as we'd have to optimize for two different workloads, so we are currently looking at doing this as a separate cluster.
I don't have a timeframe for completion, but I hope to work on this at some point soon.
- Ryan