Hello Tom and thank you. Unfortunately it does not work (see attached syslog) 1/ I replaced ftpupload.py in /usr/sare/weewx/weeutil 2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of weewx.conf 3/ put back in the file /etc/ssl/openssl.cnf the last line "CipherString = DEFAULT@SECLEVEL=2" (as originally by default). 4/ Stopped WeeWX and restarted
--> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing in the syslog. --> If I stop WeeWX and restart it (with the new FTP.py), it works again as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-( If you have an idear... ? Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** Traceback (most recent call last): Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** n = ftp_data.run() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** ftp_server.login(self.user, self.password) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 738, in login Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.auth() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** return self.sslsocket_class._create( Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.do_handshake() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self._sslobj.do_handshake() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** Traceback (most recent call last): Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** n = ftp_data.run() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** ftp_server.login(self.user, self.password) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 738, in login Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.auth() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host) Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** return self.sslsocket_class._create( Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self.do_handshake() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** self._sslobj.do_handshake() Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** Traceback (most recent call last): Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** n = ftp_data.run() Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** ftp_server.login(self.user, self.password) Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 738, in login Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** self.auth() Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host) Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** return self.sslsocket_class._create( Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** self.do_handshake() Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** self._sslobj.do_handshake() Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: Upload failed Le dimanche 26 juin 2022 à 21:44:40 UTC+2, [email protected] a écrit : > Try this version of weeutil/ftpupload.py. It will allow you to set a > customized cipher: > > [StdReport] > ... > [[FTP]] > ... > ciphers = 'DEFAULT@SECLEVEL=1' > > If it works, I'll put it in the code base. > > -tk > > > On Sun, Jun 26, 2022 at 10:21 AM Remy Lavabre <[email protected]> wrote: > >> Thanks for your reply Tom. Unfortunately, the ftp to ftps modification of >> the host is not new... May 2019! so no need to explain to you that it will >> not change overnight... >> I thought of trying to modify your Ftp.py, but in the event of an update >> of weewx, everything will have to be redone... >> I opted for the option to modify the ssl.cnf file in /usr/ssl but it is >> far from ideal! >> is it possible to provide this kind of option at the level of weewx.conf >> during a future evolution? >> thanks tom >> >> Le dimanche 26 juin 2022 à 13:01:11 UTC+2, [email protected] a écrit : >> >>> A little Googling reveals that this problem is caused by outdated >>> libraries on the FTP server. The "set_ciphers" option requests than an >>> older, less secure, protocol be used on the client side in order to match >>> what the server has. >>> >>> We could add support for setting cipher levels, but, before doing that, >>> is there any way you can talk your service provider into updating their >>> libraries? It's the better approach. >>> >>> On Sun, Jun 26, 2022 at 12:45 AM Remy Lavabre <[email protected]> >>> wrote: >>> >>>> Hello, >>>> I would like to use WeeWX's FTP option. >>>> In Python, this works perfectly (WITH THE OPTION IN BOLD) : >>>> >>>> >>>> from ftplib import FTP_TLS >>>> import ssl >>>> import requests >>>> >>>> HOST='A' >>>> ID = 'B' >>>> MDP = 'C' >>>> >>>> def connect(): >>>> ftp = FTP_TLS() >>>> ftp.debugging = 2 >>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')* >>>> ftp.connect(HOST) >>>> ftp.login(ID, MDP) >>>> return ftp >>>> >>>> ftp = connect() >>>> ftp.retrlines('LIST') >>>> >>>> Without this option ' * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')'*, >>>> I always get the error: ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too >>>> small (_ssl.c:997) >>>> >>>> *My question*: How to configure the FTPS option in weewx.conf to force >>>> the same configuration? >>>> Thanks a lot >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "weewx-user" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "weewx-user" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/24e8d55c-68ad-4d6b-b431-6849f6327b0en%40googlegroups.com.
