On Tue, Feb 15, 2011 at 9:35 PM, MZMcBride z@mzmcbride.com wrote:
> Well, as someone else somewhat noted in this thread, Aryeh isn't completely correct. The Toolserver has external APIs and services that are used via JavaScript from Wikimedia wikis. More information is available about the Toolserver here: https://wiki.toolserver.org/view/FAQ.
I had the toolserver in mind when I worded my post. It's run by Wikimedia Deutschland, which for our purposes is *not* an external site. If working HTTPS for everything on the toolserver were needed, we could arrange that easily.
> I appreciate you sharing your experience. Part of the resourcefulness of this list is learning how others have implemented solutions, including understanding what worked well and what didn't and why.
Seconded.
On Wed, Feb 16, 2011 at 5:26 PM, Platonides Platonides@gmail.com wrote:
> Wouldn't each page view mean a connection, and an SSL handshake? Or are you thinking of keep-alives?
As I understand it, both clients and servers will cache TLS handshakes across connections, because they're so expensive. TLS has the notion of sessions, and allows resuming from a session if both parties remember the shared secret from that session. I have no idea how good the cache hit rate is in practice. I doubt it would last thirty days, which is how often most regular users presumably log in, but I'd be surprised if it didn't last at least the length of a browsing session.