RESOLVED: Scheduled Outage: University of Otago Website - Wednesday 4 April 2018, 9:00am - 12:00pm
Timeframe: Wednesday 4 April 2018, 9:00am - 12:00pm
- The University of Otago Website
Audience: Staff, students and the general public
Scheduled outage notice for www.otago.ac.nz https migration
The internet keeps moving forwards, and so must we. In the quest for user privacy and security, browser vendors (namely Mozilla and Google) have been pushing the world to move to websites that are served securely so third parties can't see details such as login credentials, credit card data, and other private matters.
Hopefully we don't have any exposure, but browsers get more and more demanding, to an extent where even a logo sent over an unencrypted channel can render your site as "Not secure".
To cater to this trend, we shall be embarking on making sure that all www.otago.ac.nz content is served over https, and any traffic sent via http will be redirected to the secure version.
For any smaller website, that would be fairly trivial, but for a complex website, such as ours, this is no small feat, and it seems reasonable to think that there will be some things that may break.
What this means for the regular user
This work will be done on the Wednesday after the Easter break, which falls in the mid-semester holidays and is a short week. We anticipate we may be fixing minor issues from Wednesday onwards.
Please note that if you visit our website over that time, you may find some short-lived disturbances, and we ask you for your patience.
If you find parts of the website that are still broken, please let us know, particularly if you are the one that looks after that part of the website.
Who to contact if you have issues post-change?
If you see problems, please report them to the ITS Service Desk with the following information:
- A screenshot.
- The URL of the page.
- A brief description of what is wrong.
- The date and time you found this (in case we've already fixed it by the time we receive your report).
- Whether you are the developer or responsible party for that part of the site.
- Which browser you are using.
Also affected: otago.ac.nz
Content on otago.ac.nz will generally redirect to www.otago.ac.nz, so will end up on https://www.otago.ac.nz as well.
What is not changing: secure-www.otago.ac.nz
Our website has a strange artefact of history we would like to remove, and that is https://secure-www.otago.ac.nz/. We shall not be removing that in this piece of work, but content will migrate gradually post change. This includes a lot of web-forms, such as conference registration forms, donations, etc.
What is not changing: other sites hosted on the same infrastructure
The only site undergoing this change at this time is www.otago.ac.nz. We support a lot of smaller sites on this same infrastructure, and they will not be changing (if they do, please let us know as that's unexpected).
CMS Content editors should see no issues
There will be a slight outage to the CMS to apply some new functionality, but this will be brief. There should be no cause for concern otherwise.
Website developers with content on Shelob or its replacement
If you have content (typically PHP code) that runs on Shelob, then you are advised to test the site after the change has been completed.
Web Services can assist in migrating content from Shelob over to the new web infrastructure post change.
Website developers: things to do post change
If you are a website developer and you are loading css, js, and other resources from http://www.otago.ac.nz/_assets/ or http://www.otago.ac.nz/cs/, you'll need to update the relevant URLs to https at your leisure, so that web browsers load your assets and don't complain because the link is still http://.
If you are calling out to web-services on www.otago.ac.nz, or consuming content via something that is not a browser, then you are advised to ensure that your program will still work if it receives a redirect (HTTP 301 or 302) to the secure version of the URL.
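One way to find and update the http:// asset links mentioned above, as an added example that is not code from the University of Otago or ITS. The function name upgrade_asset_urls and the sample markup are assumptions made for illustration; only the two asset prefixes named in this notice are rewritten, and other links are left alone.

```python
import re

# Matches only the two legacy asset prefixes named in the notice, on the
# exact host www.otago.ac.nz. Scheme and host are matched case-insensitively.
# The lookbehind stops a match inside a longer scheme-like token, and the
# "/" required straight after the host rejects look-alike hosts.
LEGACY_ASSET = re.compile(
    r"(?<![A-Za-z0-9+.\-])http://(www\.otago\.ac\.nz/(?:_assets|cs)/)",
    re.IGNORECASE,
)


def upgrade_asset_urls(text):
    """Return (rewritten_text, findings); findings are (line_no, old_prefix)."""
    findings = []
    out_lines = []
    for line_no, line in enumerate(text.splitlines(keepends=True), start=1):
        def _swap(match, line_no=line_no):
            findings.append((line_no, match.group(0)))
            return "https://" + match.group(1)
        out_lines.append(LEGACY_ASSET.sub(_swap, line))
    return "".join(out_lines), findings


# Constructed sample page (hypothetical), not real University of Otago markup.
SAMPLE = """\
<link rel="stylesheet" href="http://www.otago.ac.nz/_assets/css/site.css">
<script src="HTTP://WWW.OTAGO.AC.NZ/cs/widgets/menu.js"></script>
<img src="https://www.otago.ac.nz/_assets/img/logo.png">
<a href="http://www.otago.ac.nz/courses/">Courses</a>
<script src="http://www.otago.ac.nz.example.test/_assets/x.js"></script>
"""

if __name__ == "__main__":
    fixed, hits = upgrade_asset_urls(SAMPLE)
    for line_no, old in hits:
        print(f"line {line_no}: {old} -> upgraded to https")
    print(fixed, end="")
```

Running the function a second time on its own output reports no findings, which makes it usable as a check that a template is clean.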
Website developers: is there anything that still must be available via http:// without redirection to https:// ?
We anticipate that there may be some content (for whatever reason), that must be served over http and not redirected. If you know of any, please email them through to email@example.com.
Dropping support for SSL version 3 (and Internet Explorer 6)
Additionally, we will be doing a little housekeeping and removing support for the old SSLv3 protocol. This will mean that IE version 6 will not work, which is not an issue as we no longer support its use on our site.
We would like to drop support for TLSv1.0 too, but that's not realistic at this time. We shall look to further improvements in this regard at a later date.
Please contact the ITS Service Desk if you have any questions (firstname.lastname@example.org, ext 8888 or 0800 479 888)
ITS Service Desk Reference: R169618