Page MenuHomePhabricator

Support TLSv1.3 in IABot
Closed, ResolvedPublic

Description

As part of T170567 we have made inbound TLSv1.3 available on Wikipedia. Tracking TLSv1.3 adoption on bots hosted on WMCS we have realised that IABot/2.0 is the first UserAgent in terms of traffic from WMCS IPs using TLSv1.2 with 14 million requests during the last 24 hours.

it would be great if TLSv1.3 could be enabled on IABot.

Related Objects

Event Timeline

Restricted Application added a project: Operations. · View Herald TranscriptApr 29 2020, 2:19 PM
Restricted Application added a subscriber: Cyberpower678. · View Herald Transcript
Vgutierrez moved this task from Triage to TLS on the Traffic board.Apr 29 2020, 2:19 PM
colewhite triaged this task as Medium priority.May 4 2020, 11:12 PM
Harej moved this task from Inbox to New feature on the InternetArchiveBot board.May 6 2020, 12:50 AM
Krinkle renamed this task from Support TLSv1.3 to Support TLSv1.3 in IABot.May 22 2020, 12:17 AM
Cyberpower678 closed this task as Declined.Aug 28 2020, 10:04 PM

This is not something I believe I have control over.

This is not something I believe I have control over.

Could you be more specific? What challenges do you see in implementing this?

Reedy added a subscriber: Reedy.EditedAug 29 2020, 6:13 AM

As long as you're using PHP 7.3 (or newer)...

https://www.php.net/manual/en/migration73.constants.php

You should be able to do something like curl_setopt($this->curlHandle, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); to force 1.3 (or higher)

https://github.com/internetarchive/internetarchivebot does say PHP 7.2.9 or higher

Then it’s not happening as Toolforge runs on 7.2

Reedy reopened this task as Open.Aug 29 2020, 11:23 AM

Depends how/where you run it in Toolforge..

https://wikitech-static.wikimedia.org/wiki/Help:Toolforge/Kubernetes#PHP

You can easily run it with a PHP 7.3 container...

Cyberpower678 closed this task as Resolved.Sep 1 2020, 5:16 PM
Cyberpower678 claimed this task.

Added support in v2.0.7, but it will remain backward compatible with previous versions of PHP.