No Tom, for me it is not necessary. But maybe one day for someone else? Who knows... Thank's again Tom Le lundi 27 juin 2022 à 16:11:38 UTC+2, [email protected] a écrit :
> Yes, I will include the fix in the code base. > > Wouldn't it be good to provide a second parameter for the value >> "MinProtocol = TLSv1.2"? > > > Are you saying that we should implement ssl.set_alpn_protocols() as well? > Do you have a case where that was necessary? > > -tk > > On Mon, Jun 27, 2022 at 5:48 AM Remy Lavabre <[email protected]> wrote: > >> Hello again Tom, >> This time it seems to be working fine! :-))) THANK YOU ! >> >> Jun 27 14:41:18 localhost weewx[32382] INFO weewx.reportengine: >> ftpgenerator: Ftp'd 48 files in 13.59 seconds >> Jun 27 14:46:28 localhost weewx[32382] INFO weewx.reportengine: >> ftpgenerator: Ftp'd 85 files in 27.68 seconds >> >> Could you confirm that this optional parameter will be added in the next >> WeeWX updates? >> Wouldn't it be good to provide a second parameter for the value >> "MinProtocol = TLSv1.2"? >> >> thank you very much >> >> Le lundi 27 juin 2022 à 14:24:47 UTC+2, [email protected] a écrit : >> >>> Forgot another step. In addition to replacing weeutil/ftpupload.py, >>> replace weewx/reportengine.py with this copy. >>> >>> -tk >>> >>> On Mon, Jun 27, 2022 at 12:56 AM Remy Lavabre <[email protected]> >>> wrote: >>> >>>> Hello Tom and thank you. >>>> >>>> Unfortunately it does not work (see attached syslog) >>>> 1/ I replaced ftpupload.py in /usr/sare/weewx/weeutil >>>> 2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of >>>> weewx.conf >>>> 3/ put back in the file /etc/ssl/openssl.cnf the last line >>>> "CipherString = DEFAULT@SECLEVEL=2" (as originally by default). >>>> 4/ Stopped WeeWX and restarted >>>> >>>> --> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing in >>>> the syslog. >>>> --> If I stop WeeWX and restart it (with the new FTP.py), it works >>>> again as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-( >>>> >>>> If you have an idear... ? >>>> >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL: >>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** Traceback (most recent call last): >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** n = ftp_data.run() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ftp_server.login(self.user, self.password) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.auth() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.sock = self.context.wrap_socket(self.sock, >>>> server_hostname=self.host) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** return self.sslsocket_class._create( >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.do_handshake() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self._sslobj.do_handshake() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>> (_ssl.c:1123) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL: >>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** Traceback (most recent call last): >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** n = ftp_data.run() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ftp_server.login(self.user, self.password) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.auth() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.sock = self.context.wrap_socket(self.sock, >>>> server_hostname=self.host) >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** return self.sslsocket_class._create( >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.do_handshake() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self._sslobj.do_handshake() >>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>> (_ssl.c:1123) >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL: >>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** Traceback (most recent call last): >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** n = ftp_data.run() >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ftp_server.login(self.user, self.password) >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.auth() >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.sock = self.context.wrap_socket(self.sock, >>>> server_hostname=self.host) >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** return self.sslsocket_class._create( >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self.do_handshake() >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** self._sslobj.do_handshake() >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>> (_ssl.c:1123) >>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>> ftpgenerator: Upload failed >>>> >>>> Le dimanche 26 juin 2022 à 21:44:40 UTC+2, [email protected] a écrit : >>>> >>>>> Try this version of weeutil/ftpupload.py. It will allow you to set a >>>>> customized cipher: >>>>> >>>>> [StdReport] >>>>> ... >>>>> [[FTP]] >>>>> ... >>>>> ciphers = 'DEFAULT@SECLEVEL=1' >>>>> >>>>> If it works, I'll put it in the code base. >>>>> >>>>> -tk >>>>> >>>>> >>>>> On Sun, Jun 26, 2022 at 10:21 AM Remy Lavabre <[email protected]> >>>>> wrote: >>>>> >>>>>> Thanks for your reply Tom. Unfortunately, the ftp to ftps >>>>>> modification of the host is not new... May 2019! so no need to explain >>>>>> to >>>>>> you that it will not change overnight... >>>>>> I thought of trying to modify your Ftp.py, but in the event of an >>>>>> update of weewx, everything will have to be redone... >>>>>> I opted for the option to modify the ssl.cnf file in /usr/ssl but it >>>>>> is far from ideal! >>>>>> is it possible to provide this kind of option at the level of >>>>>> weewx.conf during a future evolution? >>>>>> thanks tom >>>>>> >>>>>> Le dimanche 26 juin 2022 à 13:01:11 UTC+2, [email protected] a écrit : >>>>>> >>>>>>> A little Googling reveals that this problem is caused by outdated >>>>>>> libraries on the FTP server. The "set_ciphers" option requests than an >>>>>>> older, less secure, protocol be used on the client side in order to >>>>>>> match >>>>>>> what the server has. >>>>>>> >>>>>>> We could add support for setting cipher levels, but, before doing >>>>>>> that, is there any way you can talk your service provider into updating >>>>>>> their libraries? It's the better approach. >>>>>>> >>>>>>> On Sun, Jun 26, 2022 at 12:45 AM Remy Lavabre <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> I would like to use WeeWX's FTP option. >>>>>>>> In Python, this works perfectly (WITH THE OPTION IN BOLD) : >>>>>>>> >>>>>>>> >>>>>>>> from ftplib import FTP_TLS >>>>>>>> import ssl >>>>>>>> import requests >>>>>>>> >>>>>>>> HOST='A' >>>>>>>> ID = 'B' >>>>>>>> MDP = 'C' >>>>>>>> >>>>>>>> def connect(): >>>>>>>> ftp = FTP_TLS() >>>>>>>> ftp.debugging = 2 >>>>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')* >>>>>>>> ftp.connect(HOST) >>>>>>>> ftp.login(ID, MDP) >>>>>>>> return ftp >>>>>>>> >>>>>>>> ftp = connect() >>>>>>>> ftp.retrlines('LIST') >>>>>>>> >>>>>>>> Without this option ' >>>>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')'*, I always get >>>>>>>> the error: ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>>>>>> (_ssl.c:997) >>>>>>>> >>>>>>>> *My question*: How to configure the FTPS option in weewx.conf to >>>>>>>> force the same configuration? >>>>>>>> Thanks a lot >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "weewx-user" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com >>>>>>>> >>>>>>>> <https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "weewx-user" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> >>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "weewx-user" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/weewx-user/24e8d55c-68ad-4d6b-b431-6849f6327b0en%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/weewx-user/24e8d55c-68ad-4d6b-b431-6849f6327b0en%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "weewx-user" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/weewx-user/966f6250-9aaa-483b-9c93-72a091c60062n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/weewx-user/966f6250-9aaa-483b-9c93-72a091c60062n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/f9468a79-5596-4068-b113-97d9962bbd54n%40googlegroups.com.
