I had a scrape that’s been working for the last year for the local electricity rate. Suddenly it stopped working with the error SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED
Is there any way to fix this since the local utility probably won’t update their website anytime soon?
This is on 2023.07.3 and still after updating to 2023.8.2
They have updated their website and they have closed a security hole.
How can I make the scrape integration reconnect to it?
I do not know the scrape integration that well.
I have just worked with securing internet connections, so I could interpret the error you got.
Out of curiosity, do you know what security vuln might be related if there was a widespread effort to patch?
This is a general security hole with the SSL connection.
Some of the encryption methods used is old and now vulnerable to brute force and other attacks.
The security hole is that a SSL connection can be renegotiated while connected and in that renegotiation one of these vulnerable encryption methods can be chosen.
In order to prevent this security hole from occuring some servers disable the ability to renegotiate the encryption method, which is a patch solution for servers that do not have the ability to select the encryption methods being made available to the client.
I ended up working around this by proxying the url via nginx and setting the host header to the actual url host name
Then i pointed the scrape integration at the nginx http address