[nSLUG] Wikipedia changes/limits protocols?

Mike Spencer mspencer at tallships.ca
Tue Jul 14 02:02:56 ADT 2015


Dan Peterson <dpiddy at gmail.com> wrote:

> On Mon, Jul 13, 2015 at 3:56 PM, Mike Spencer <mspencer at tallships.ca> wrote:
>
>> I'd still like to know if Wikipedia is/has been/will be rejecting
>> SSLv2 requests --  if that's what's actually happening.
>
> They do not allow SSLv2 (or 3), see here, under Configuration:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=en.wikipedia.org

That seems to answer my question exactly.  I would never have known how
to find that.

As it happens, at the moment Wikipedia is answering requests from the
same browser on which my query was based.  But your ref above suggests
it may be temporary or a fluke.

> No one should be using SSLv2 or 3, and ideally nothing TLS <1.2.

I visit exactly one site where I care about encryption.  I feel like
I'm being carded buying a Coke at the corner store when Wikipedia
forces me to upgrade to their idea of appropriate security.

> If you have things that only support SSLv2/3 I'd really recommend
> upgrading them.

Yeah, sooner or later I'll have to do that.  Looks like it may be
sooner.

Thanks, Dan, for your reply,
- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^


More information about the nSLUG mailing list