Hello. I am sysop of ckb.wiki and I confirm Pouyan statements. We can not access to wikimedia projects via HTTPS. All sysops of ckb.wiki are from Iran and this is very bad. Now what are we suppose to do?
(Correction: Pouyan's purpose was "ckb" not "cbk" wikipedia)

popeno2003 wrote:

(In reply to comment #1)

Hello. I am sysop of ckb.wiki and I confirm Pouyan statements. We can not
access to wikimedia projects via HTTPS. All sysops of ckb.wiki are from Iran
and this is very bad. Now what are we suppose to do?
(Correction: Pouyan's purpose was "ckb" not "cbk" wikipedia)

sorry for the typo (not enough sleep after long distance travel :D).

Some other countries have similar problems and Wikimedia Foundation's Engineering Team is well aware of these problems. Very likely a number of Wikimedia sites (like Wikipedia) will be excluded from HTTPS login by default.

We will keep you updated, please have a little bit of patience while sorting out plans here. Thanks! :)

Thanks for the added list, we'll confirm on the https://meta.wikimedia.org/wiki/HTTPS#List_of_excluded_language_wikis page before launch.

Now all WM projects are out of access except Meta, Commons, Incubator, Bugzilla, MediaWiki and Wikidata projects.

There really should be no excluded languages; exposing our contributors to MITM attacks and government spying is a disservice.

(In reply to comment #5 by Calak)

Now all WM projects are out of access except Meta, Commons, Incubator,
Bugzilla, MediaWiki and Wikidata projects.

Uh? The SecureLogin deployment handled in this bug report is scheduled to take place in 22 hours, see https://wikitech.wikimedia.org/wiki/Deployments#Week_of_August_19th . If there are issues *now* for you then they are unrelated and a different problem. Please elaborate.

(In reply to comment #7)

If there are issues *now* for you then they are unrelated and a different problem.
Please elaborate.

I don't know what is the problem but now I can not open any page on all Wikimedia projects; I only reported it.

(In reply to comment #6)

There really should be no excluded languages; exposing our contributors to
MITM attacks and government spying is a disservice.

I agree that HTTP is a problem, but isn't it worse if several projects lose most of their contributors?

(In reply to comment #6)

There really should be no excluded languages; exposing our contributors to
MITM attacks and government spying is a disservice.

What does "MITM attacks and government spying" mean when we can not contribute?

Updated list of initially excluded language wikis at:
https://meta.wikimedia.org/wiki/HTTPS#List_of_excluded_language_wikis

(In reply to comment #11)

Updated list of initially excluded language wikis at:
https://meta.wikimedia.org/wiki/HTTPS#List_of_excluded_language_wikis

What about other languages predominantly spoken in China? There is a list at [[m:Talk:HTTPS#Excluded language]] but I can't tell if the list is complete.

See also [[m:Talk:HTTPS#List of Chinese Wikipedia]].

Now all thing in order.

(In reply to comment #12 by Stefan2)

What about other languages predominantly spoken in China? There is a list at
[[m:Talk:HTTPS#Excluded language]] but I can't tell if the list is complete.

Please ask on that talk page instead. I prefer to see such discussion and questions on the public talk page instead of a technical bugtracker.

This change took place yesterday, and Iran has been excluded as per https://meta.wikimedia.org/wiki/HTTPS#Excluded_Countries .

CLosing as FIXED.

(In reply to comment #0)

After discussion with community, there were also another languages that are
mostly used in Iran and wanted the same exception, I hereby enlist them here:

For your information: An IRC user stated that excluding Iran would not be needed.
I myself do not have enough information to judge (plus I am not involved in the SecureLogin deployment).

Only if Farsi (or any other language community in Iran) would like to see a change to the current policy of excluding the wiki from SecureLogin, please discuss with the community on your wiki, and see https://meta.wikimedia.org/wiki/Requesting_wiki_configuration_changes for more information.
Thanks for your understanding.

Now in Iran https links for wikipedia works

Yes, it works.

It seems Iran has opened SSL of WMF but there is no guarantee that Iran won't block it again. I think we need to wait for a while and see what will happen

I'd say if it's allowed, let's enable it now. If that changes, let us know and we'll immediately disable it.

I agree. No sense in throwing cleartext passwords if ssl is allowed. Should we make than config change and deploy during the 4pm window?

Works for me.

popeno2003 wrote:

I agree with Ryan on this, when they open the gates why not use it. I hope it last long. when not we need to add the exception.

Problem is sometimes this opening and closing doesn't last more than three hours. So When I say please wait, I mean one day or two at the most

Please don't enable it, today it works, but we can't guarantee tomorrow.
Beside it, I can't guarantee other areas of Iran.

We'd only re-enable it for iran specifically. We'll wait a couple days to make sure it isn't a short fluke.

I am not bullish. In Iran, anything is possible.

I checked two ISPs and they both blocked SSL now. :|