Upgrade TLS used by web-connectivity test-helper
hellais opened this issue · 1 comments
It has been reported that with probe-cli 3.x on recent debian versions there are issues in speaking to the control web-connectivity backend due to it having a too old version of TLS, see:
[engine] Using backend https://c.web-connectivity.th.ooni.io:443
[engine] web_connectivity: control-request error: ssl_error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
[engine] web_connectivity: comparing control with experiment
[engine] web_connectivity: skipping control comparison due to failure
We should upgrade the web-connectivity test-helper to use this newer version of TLS with an nginx in front of it.
Moreover in light of: #361 (comment) it may make sense to hold off on oonifying the web-connectivity test-helper until we have a good solution in the clients to make it possible to deploy it on the same hosts as the other ones.
This has been fixed by upgrading the web connectivity test helper ansible role to put an nginx in front of it.
It has been deployed to mia-wcth.ooni.io and a new bouncer config has been shipped to bouncer.ooni.io.