I prefer to offer features when they are needed. It's easier to add a feature than to take it away!
On Mon, Jun 27, 2022 at 7:44 AM Remy Lavabre <[email protected]> wrote: > No Tom, for me it is not necessary. But maybe one day for someone else? > Who knows... > Thank's again Tom > Le lundi 27 juin 2022 à 16:11:38 UTC+2, [email protected] a écrit : > >> Yes, I will include the fix in the code base. >> >> Wouldn't it be good to provide a second parameter for the value >>> "MinProtocol = TLSv1.2"? >> >> >> Are you saying that we should implement ssl.set_alpn_protocols() as well? >> Do you have a case where that was necessary? >> >> -tk >> >> On Mon, Jun 27, 2022 at 5:48 AM Remy Lavabre <[email protected]> wrote: >> >>> Hello again Tom, >>> This time it seems to be working fine! :-))) THANK YOU ! >>> >>> Jun 27 14:41:18 localhost weewx[32382] INFO weewx.reportengine: >>> ftpgenerator: Ftp'd 48 files in 13.59 seconds >>> Jun 27 14:46:28 localhost weewx[32382] INFO weewx.reportengine: >>> ftpgenerator: Ftp'd 85 files in 27.68 seconds >>> >>> Could you confirm that this optional parameter will be added in the next >>> WeeWX updates? >>> Wouldn't it be good to provide a second parameter for the value >>> "MinProtocol = TLSv1.2"? >>> >>> thank you very much >>> >>> Le lundi 27 juin 2022 à 14:24:47 UTC+2, [email protected] a écrit : >>> >>>> Forgot another step. In addition to replacing weeutil/ftpupload.py, >>>> replace weewx/reportengine.py with this copy. >>>> >>>> -tk >>>> >>>> On Mon, Jun 27, 2022 at 12:56 AM Remy Lavabre <[email protected]> >>>> wrote: >>>> >>>>> Hello Tom and thank you. >>>>> >>>>> Unfortunately it does not work (see attached syslog) >>>>> 1/ I replaced ftpupload.py in /usr/sare/weewx/weeutil >>>>> 2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of >>>>> weewx.conf >>>>> 3/ put back in the file /etc/ssl/openssl.cnf the last line >>>>> "CipherString = DEFAULT@SECLEVEL=2" (as originally by default). >>>>> 4/ Stopped WeeWX and restarted >>>>> >>>>> --> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing >>>>> in the syslog. >>>>> --> If I stop WeeWX and restart it (with the new FTP.py), it works >>>>> again as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-( >>>>> >>>>> If you have an idear... ? >>>>> >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL: >>>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** Traceback (most recent call last): >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** n = ftp_data.run() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ftp_server.login(self.user, self.password) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.auth() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.sock = self.context.wrap_socket(self.sock, >>>>> server_hostname=self.host) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** return self.sslsocket_class._create( >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.do_handshake() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self._sslobj.do_handshake() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>>> (_ssl.c:1123) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL: >>>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** Traceback (most recent call last): >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** n = ftp_data.run() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ftp_server.login(self.user, self.password) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.auth() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.sock = self.context.wrap_socket(self.sock, >>>>> server_hostname=self.host) >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** return self.sslsocket_class._create( >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.do_handshake() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self._sslobj.do_handshake() >>>>> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>>> (_ssl.c:1123) >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL: >>>>> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123) >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** Traceback (most recent call last): >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** n = ftp_data.run() >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ftp_server.login(self.user, self.password) >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.auth() >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.sock = self.context.wrap_socket(self.sock, >>>>> server_hostname=self.host) >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** return self.sslsocket_class._create( >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self.do_handshake() >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** self._sslobj.do_handshake() >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>>> (_ssl.c:1123) >>>>> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: >>>>> ftpgenerator: Upload failed >>>>> >>>>> Le dimanche 26 juin 2022 à 21:44:40 UTC+2, [email protected] a écrit : >>>>> >>>>>> Try this version of weeutil/ftpupload.py. It will allow you to set a >>>>>> customized cipher: >>>>>> >>>>>> [StdReport] >>>>>> ... >>>>>> [[FTP]] >>>>>> ... >>>>>> ciphers = 'DEFAULT@SECLEVEL=1' >>>>>> >>>>>> If it works, I'll put it in the code base. >>>>>> >>>>>> -tk >>>>>> >>>>>> >>>>>> On Sun, Jun 26, 2022 at 10:21 AM Remy Lavabre <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Thanks for your reply Tom. Unfortunately, the ftp to ftps >>>>>>> modification of the host is not new... May 2019! so no need to explain >>>>>>> to >>>>>>> you that it will not change overnight... >>>>>>> I thought of trying to modify your Ftp.py, but in the event of an >>>>>>> update of weewx, everything will have to be redone... >>>>>>> I opted for the option to modify the ssl.cnf file in /usr/ssl but it >>>>>>> is far from ideal! >>>>>>> is it possible to provide this kind of option at the level of >>>>>>> weewx.conf during a future evolution? >>>>>>> thanks tom >>>>>>> >>>>>>> Le dimanche 26 juin 2022 à 13:01:11 UTC+2, [email protected] a >>>>>>> écrit : >>>>>>> >>>>>>>> A little Googling reveals that this problem is caused by outdated >>>>>>>> libraries on the FTP server. The "set_ciphers" option requests than an >>>>>>>> older, less secure, protocol be used on the client side in order to >>>>>>>> match >>>>>>>> what the server has. >>>>>>>> >>>>>>>> We could add support for setting cipher levels, but, before doing >>>>>>>> that, is there any way you can talk your service provider into updating >>>>>>>> their libraries? It's the better approach. >>>>>>>> >>>>>>>> On Sun, Jun 26, 2022 at 12:45 AM Remy Lavabre <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> I would like to use WeeWX's FTP option. >>>>>>>>> In Python, this works perfectly (WITH THE OPTION IN BOLD) : >>>>>>>>> >>>>>>>>> >>>>>>>>> from ftplib import FTP_TLS >>>>>>>>> import ssl >>>>>>>>> import requests >>>>>>>>> >>>>>>>>> HOST='A' >>>>>>>>> ID = 'B' >>>>>>>>> MDP = 'C' >>>>>>>>> >>>>>>>>> def connect(): >>>>>>>>> ftp = FTP_TLS() >>>>>>>>> ftp.debugging = 2 >>>>>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')* >>>>>>>>> ftp.connect(HOST) >>>>>>>>> ftp.login(ID, MDP) >>>>>>>>> return ftp >>>>>>>>> >>>>>>>>> ftp = connect() >>>>>>>>> ftp.retrlines('LIST') >>>>>>>>> >>>>>>>>> Without this option ' >>>>>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')'*, I always get >>>>>>>>> the error: ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small >>>>>>>>> (_ssl.c:997) >>>>>>>>> >>>>>>>>> *My question*: How to configure the FTPS option in weewx.conf to >>>>>>>>> force the same configuration? >>>>>>>>> Thanks a lot >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "weewx-user" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com >>>>>>>>> <https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "weewx-user" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> >>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "weewx-user" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> >>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/weewx-user/24e8d55c-68ad-4d6b-b431-6849f6327b0en%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/weewx-user/24e8d55c-68ad-4d6b-b431-6849f6327b0en%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "weewx-user" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/weewx-user/966f6250-9aaa-483b-9c93-72a091c60062n%40googlegroups.com >>> <https://groups.google.com/d/msgid/weewx-user/966f6250-9aaa-483b-9c93-72a091c60062n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "weewx-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/weewx-user/f9468a79-5596-4068-b113-97d9962bbd54n%40googlegroups.com > <https://groups.google.com/d/msgid/weewx-user/f9468a79-5596-4068-b113-97d9962bbd54n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/CAPq0zEDd5DR3MUtUePeZWyDUnbZOKqLYbAfbPfo%3DYQ_GHS8f7A%40mail.gmail.com.
