A few weeks ago I upgraded a single SSL termination server to Ubuntu Precise. I let it run for a while to ensure we wouldn't see memory leaks and to give time for people to report errors. No issues were reported and resource consumption was good, so today I upgraded all other nodes. This upgrade eliminates our vulnerability to the CRIME attack and also allows us to use HTTP 1.1 to the backends from nginx. Testing for HTTP 1.1 will follow soonish.
If you notice any new HTTPS oddities, let me know.
- Ryan
wikitech-l@lists.wikimedia.org