Weak SSL certificate?

[wetneb]

When attempting to query OAdoi from tools.wmflabs.org:

>>> import requests
>>> requests.get('https://oadoi.org/')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 455, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 558, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

That's probably due to a client-side bug, but it's also weird that it does not do it for other servers (like, dissem.in, which uses Let's Encrypt). So one bit of the issue is probably linked to your configuration. Any thoughts?

[richard-orr]

I'm not sure what the exact problem is, but it sounds like a client trying to use an old SSL version supported by disem.in and not by unpaywall.org.