hi all!
In the hope i'm not clubbing a diseased donkey, i'd like to share an idea i ran across: we could use the RC4-128 cypher for secure.wikimedia.org, instead of AES256. RC4 is reportedly a lot faster (3 to 4 times the throughput). Since CPU capacity for encryption has been mentioned as one of the problems with making secure.wikimedia.org reliable, I thought it might help.
Note that even though the use of RC4 in WEP led to WEP being broken, RC4 is still fine for use with SSL. The attacks that broke WEP don't apply there http://www.rsa.com/rsalabs/node.asp?id=2009, http://blog.ivanristic.com/2009/08/is-rc4-safe-for-use-in-ssl.html. Google and BankOfAmerica, among others, seem to trust in this :)
-- daniel