== What is happening? == Secure connections to RCStream[1] currently use an SSL/TLS certificate[2] specific to stream.wikimedia.org. To streamline certificate management, we are moving RCStream behind our misc caching cluster, which will allow us to use the wildcard certificate[3] for *.wikimedia.org, making the RCStream-specific certificate redundant. This will reduce operating costs and improve performance in certain cases.
== When will this happen? == June 23rd.
== How could this affect me? == This change requires updating the DNS record for stream.wikimedia.org. We do not expect any service disruptions. It is conceivable (but unlikely) that you will need to restart your client. If your client is based on one of the published examples[4], you should be fine. If you are not sure, feel free to get in touch with me (ori@wikimedia.org).
If you are connecting to RCStream over an insecure (http) connection, now would be a great time to migrate to https. http access to RCStream will eventually be disabled; migrating now will protect you from any interruptions down the line. In most cases, making your client use https is as simple as prefixing 'stream.wikimedia.org' with 'https://'. Sample client code on Wikitech[4] has been updated.
== How can I track this work? == By following https://phabricator.wikimedia.org/T134871.
[1]: https://wikitech.wikimedia.org/wiki/RCStream [2]: https://en.wikipedia.org/wiki/Public_key_certificate [3]: https://en.wikipedia.org/wiki/Wildcard_certificate [4]: https://wikitech.wikimedia.org/wiki/RCStream#Clients