Yes, I will include the fix in the code base.

> Wouldn't it be good to provide a second parameter for the value
> "MinProtocol = TLSv1.2"?


Are you saying that we should implement ssl.set_alpn_protocols() as well?
Do you have a case where that was necessary?

-tk

On Mon, Jun 27, 2022 at 5:48 AM Remy Lavabre <[email protected]> wrote:

> Hello again Tom,
> This time it seems to be working fine! :-))) THANK YOU !
>
> Jun 27 14:41:18 localhost weewx[32382] INFO weewx.reportengine:
> ftpgenerator: Ftp'd 48 files in 13.59 seconds
> Jun 27 14:46:28 localhost weewx[32382] INFO weewx.reportengine:
> ftpgenerator: Ftp'd 85 files in 27.68 seconds
>
> Could you confirm that this optional parameter will be added in the next
> WeeWX updates?
> Wouldn't it be good to provide a second parameter for the value
> "MinProtocol = TLSv1.2"?
>
> Thank you very much
>
> On Monday, June 27, 2022 at 14:24:47 UTC+2, [email protected] wrote:
>
>> Forgot another step. In addition to replacing weeutil/ftpupload.py,
>> replace weewx/reportengine.py with this copy.
>>
>> -tk
>>
>> On Mon, Jun 27, 2022 at 12:56 AM Remy Lavabre <[email protected]>
>> wrote:
>>
>>> Hello Tom and thank you.
>>>
>>> Unfortunately it does not work (see attached syslog)
>>> 1/ I replaced ftpupload.py in /usr/sare/weewx/weeutil
>>> 2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of
>>> weewx.conf
>>> 3/ put back in the file /etc/ssl/openssl.cnf the last line "CipherString
>>> = DEFAULT@SECLEVEL=2" (as originally by default).
>>> 4/ Stopped WeeWX and restarted
>>>
>>> --> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing in
>>> the syslog.
>>> --> If I stop WeeWX and restart it (with the new FTP.py), it works again
>>> as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-(
>>>
>>> If you have an idea... ?
>>>
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL:
>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  Traceback (most recent call last):
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      n = ftp_data.run()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      ftp_server.login(self.user, self.password)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.auth()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.sock = self.context.wrap_socket(self.sock,
>>> server_hostname=self.host)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      return self.sslsocket_class._create(
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.do_handshake()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self._sslobj.do_handshake()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL:
>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  Traceback (most recent call last):
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      n = ftp_data.run()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      ftp_server.login(self.user, self.password)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.auth()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.sock = self.context.wrap_socket(self.sock,
>>> server_hostname=self.host)
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      return self.sslsocket_class._create(
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.do_handshake()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self._sslobj.do_handshake()
>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL:
>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  Traceback (most recent call last):
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      n = ftp_data.run()
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      ftp_server.login(self.user, self.password)
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.auth()
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.sock = self.context.wrap_socket(self.sock,
>>> server_hostname=self.host)
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      return self.sslsocket_class._create(
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self.do_handshake()
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****      self._sslobj.do_handshake()
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
>>> ftpgenerator: Upload failed
>>>
>>> On Sunday, June 26, 2022 at 21:44:40 UTC+2, [email protected] wrote:
>>>
>>>> Try this version of weeutil/ftpupload.py. It will allow you to set a
>>>> customized cipher:
>>>>
>>>> [StdReport]
>>>>     ...
>>>>     [[FTP]]
>>>>         ...
>>>>         ciphers = 'DEFAULT@SECLEVEL=1'
>>>>
>>>> If it works, I'll put it in the code base.
>>>>
>>>> -tk
>>>>
>>>>
>>>> On Sun, Jun 26, 2022 at 10:21 AM Remy Lavabre <[email protected]>
>>>> wrote:
>>>>
>>>>> Thanks for your reply Tom. Unfortunately, the ftp to ftps modification
>>>>> of the host is not new... May 2019! So no need to explain to you that it
>>>>> will not change overnight...
>>>>> I thought of trying to modify your Ftp.py, but in the event of an
>>>>> update of weewx, everything will have to be redone...
>>>>> I opted for the option to modify the ssl.cnf file in /usr/ssl but it
>>>>> is far from ideal!
>>>>> Is it possible to provide this kind of option at the level of
>>>>> weewx.conf during a future evolution?
>>>>> Thanks Tom
>>>>>
>>>>> On Sunday, June 26, 2022 at 13:01:11 UTC+2, [email protected] wrote:
>>>>>
>>>>>> A little Googling reveals that this problem is caused by outdated
>>>>>> libraries on the FTP server. The "set_ciphers" option requests that an
>>>>>> older, less secure, protocol be used on the client side in order to match
>>>>>> what the server has.
>>>>>>
>>>>>> We could add support for setting cipher levels, but, before doing
>>>>>> that, is there any way you can talk your service provider into updating
>>>>>> their libraries? It's the better approach.
>>>>>>
>>>>>> On Sun, Jun 26, 2022 at 12:45 AM Remy Lavabre <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>> I would like to use WeeWX's FTP option.
>>>>>>> In Python, this works perfectly (WITH THE OPTION IN BOLD) :
>>>>>>>
>>>>>>>
>>>>>>> from ftplib import FTP_TLS
>>>>>>> import ssl
>>>>>>> import requests
>>>>>>>
>>>>>>> HOST='A'
>>>>>>> ID = 'B'
>>>>>>> MDP = 'C'
>>>>>>>
>>>>>>> def connect():
>>>>>>>     ftp = FTP_TLS()
>>>>>>>     ftp.debugging = 2
>>>>>>>     # The option in question (shown in bold in the original message)
>>>>>>>     ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')
>>>>>>>     ftp.connect(HOST)
>>>>>>>     ftp.login(ID, MDP)
>>>>>>>     return ftp
>>>>>>>
>>>>>>> ftp = connect()
>>>>>>> ftp.retrlines('LIST')
>>>>>>>
>>>>>>> Without this option, 'ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')',
>>>>>>> I always get the error:
>>>>>>> ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)
>>>>>>>
>>>>>>> *My question*: How to configure the FTPS option in weewx.conf to
>>>>>>> force the same configuration?
>>>>>>> Thanks a lot
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "weewx-user" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com
>>>>>>> <https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>

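Added example (not part of the thread and not WeeWX's own code): one way to scope the `ciphers` setting discussed above to the FTPS connection alone, instead of lowering the security level system-wide in openssl.cnf, while also pinning a minimum protocol version as suggested in the thread. The function names and the `min_protocol` parameter are hypothetical.

```python
import ssl
from ftplib import FTP_TLS

# Names accepted for the hypothetical min_protocol option (assumption:
# nothing below TLS 1.2 is allowed, matching "MinProtocol = TLSv1.2").
_MIN_PROTOCOLS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def build_ftps_context(ciphers=None, min_protocol="TLSv1.2"):
    """Return an SSLContext for one FTPS connection.

    ciphers      -- OpenSSL cipher string, e.g. 'DEFAULT@SECLEVEL=1'
                    (None keeps the library default).
    min_protocol -- lowest TLS version the client will negotiate.
    """
    if min_protocol not in _MIN_PROTOCOLS:
        raise ValueError("unsupported min_protocol: %r" % (min_protocol,))

    # create_default_context() verifies the server certificate and hostname.
    ctx = ssl.create_default_context()
    # Relaxing the cipher level must not also permit old protocol versions.
    ctx.minimum_version = _MIN_PROTOCOLS[min_protocol]
    if ciphers:
        # Affects only sockets wrapped by this context, unlike openssl.cnf.
        ctx.set_ciphers(ciphers)
    return ctx


def make_ftps_client(ciphers=None, min_protocol="TLSv1.2"):
    """Return an unconnected FTP_TLS client that uses the scoped context."""
    return FTP_TLS(context=build_ftps_context(ciphers, min_protocol))


if __name__ == "__main__":
    relaxed = build_ftps_context("DEFAULT@SECLEVEL=1")
    default = build_ftps_context()
    print("minimum version:", relaxed.minimum_version.name)
    print("ciphers offered (relaxed vs default):",
          len(relaxed.get_ciphers()), "vs", len(default.get_ciphers()))
```
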