Update witness node/wallet to TLS 1.3

robert.hedler
Admin
10:29 PM
aaaaaaaaaaaand we have good and bad news 😞
Good news: I find the root cause that why cli_wallet of our new docker images dont connect on WSS.
Bad news: by default, Ubuntu 20.04 droped support for TLS lower than 1.2
my node is using ubuntu 18.04 where my seed is running
we need to edit /etc/ssl/openssl.cnf
with this, after oid_section variable:
# System default
openssl_conf = default_conf


Then in the end of the file put this:
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1


jbahai
Admin
Owner
10:33 PM
OH... this is important actually for our continued support of U18... this no doubt would come up in testing.. perhaps the wallet needs to be updated to TLS 1.3?


robert.hedler
Admin
10:33 PM
it should be

https://chat.peerplays.live/channel/infrastructure-devops?msg=o3wgp9kgAJBuWwTho