Problem FTPS WeeWX


Remy Lavabre

Jun 26, 2022, 3:45:42 AM
to weewx-user
Hello,
I would like to use WeeWX's FTP option.
In Python, this works perfectly (WITH THE OPTION IN BOLD) :


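from ftplib import FTP_TLS

HOST = 'A'
ID = 'B'
MDP = 'C'

def connect():
    ftp = FTP_TLS()
    # Print the FTP protocol dialogue for troubleshooting
    ftp.debugging = 2
    # Lower the OpenSSL security level for this connection only, so that
    # the server's small DH key is accepted
    ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')
    ftp.connect(HOST)
    ftp.login(ID, MDP)
    return ftp

ftp = connect()
ftp.retrlines('LIST')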

Without this option (ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')), I always get the error: ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)

My question: How to configure the FTPS option in weewx.conf to force the same configuration?
Thanks a lot

Tom Keffer

Jun 26, 2022, 7:01:11 AM
to weewx-user
A little Googling reveals that this problem is caused by outdated libraries on the FTP server. The "set_ciphers" option requests that an older, less secure, protocol be used on the client side in order to match what the server has.

We could add support for setting cipher levels, but, before doing that, is there any way you can talk your service provider into updating their libraries? It's the better approach.


Remy Lavabre

Jun 26, 2022, 1:20:58 PM
to weewx-user
Thanks for your reply, Tom. Unfortunately, the ftp to ftps modification of the host is not new... May 2019! So no need to explain to you that it will not change overnight...
I thought of trying to modify your Ftp.py, but in the event of an update of weewx, everything will have to be redone...
I opted for the option to modify the ssl.cnf file in /usr/ssl but it is far from ideal!
Is it possible to provide this kind of option at the level of weewx.conf during a future evolution?
Thanks, Tom

Tom Keffer

Jun 26, 2022, 3:44:40 PM
to weewx-user
Try this version of weeutil/ftpupload.py. It will allow you to set a customized cipher:

[StdReport]
    ...
    [[FTP]]
        ...
        ciphers = 'DEFAULT@SECLEVEL=1'

If it works, I'll put it in the code base.

-tk


ftpupload.py

Remy Lavabre

Jun 27, 2022, 3:56:07 AM
to weewx-user
Hello Tom and thank you.

Unfortunately it does not work (see attached syslog)
1/ I replaced ftpupload.py in /usr/share/weewx/weeutil
2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of weewx.conf
3/ put back in the file /etc/ssl/openssl.cnf the last line "CipherString = DEFAULT@SECLEVEL=2" (as originally by default).
4/ Stopped WeeWX and restarted

--> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing in the syslog.
--> If I stop WeeWX and restart it (with the new FTP.py), it works again as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-(

If you have an idea... ?

Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****  Traceback (most recent call last):
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      n = ftp_data.run()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      ftp_server.login(self.user, self.password)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.auth()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      return self.sslsocket_class._create(
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.do_handshake()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self._sslobj.do_handshake()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****  Traceback (most recent call last):
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      n = ftp_data.run()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      ftp_server.login(self.user, self.password)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.auth()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host)
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      return self.sslsocket_class._create(
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.do_handshake()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****      self._sslobj.do_handshake()
Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:         ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****  Traceback (most recent call last):
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      n = ftp_data.run()
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      ftp_server.login(self.user, self.password)
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 738, in login
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.auth()
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ftplib.py", line 749, in auth
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host)
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      return self.sslsocket_class._create(
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1040, in _create
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      self.do_handshake()
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****    File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****      self._sslobj.do_handshake()
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:         ****  ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine: ftpgenerator: Upload failed

Remy Lavabre

Jun 27, 2022, 8:23:18 AM
to weewx-user
For information, Tom, my [[FTP]] weewx.conf:

 [[FTP]]
        # FTP'ing the results to a webserver is treated as just another report,
        # albeit one with an unusual report generator!
        # If you wish to use FTP, set "enable" to "true", then
        # fill out the next four lines.
        skin = Ftp

        # For Orange, modify the ciphers parameter in the /etc/ssl/openssl.cnf file
        ciphers = 'DEFAULT@SECLEVEL=1'

        # Use quotes around passwords to guard against parsing errors.
        enable = True
        user = A
        password = B
        server = C    # The ftp server name, e.g, www.myserver.org
        path = /    # The destination directory, e.g., /weather

        # Set to True for an FTP over TLS (FTPS) connection. Not all servers
        # support this.
        secure_ftp = True
        secure_data = True

        # To upload files from something other than what HTML_ROOT is set
        # to above, specify a different HTML_ROOT here.
        HTML_ROOT = /var/www/html/weewx

        # Most FTP servers use port 21
        port = 21

        # Set to 1 to use passive mode, zero for active mode
        passive = 1
        max_trie = 3
        ftp_encoding = UTF-8

        #bug in the Python libraries that happens when use a Pure-FTP server
        reuse_ssl = True

Tom Keffer

Jun 27, 2022, 8:24:47 AM
to weewx-user
Forgot another step. In addition to replacing weeutil/ftpupload.py, replace weewx/reportengine.py with this copy.

-tk

reportengine.py

Remy Lavabre

Jun 27, 2022, 8:48:05 AM
to weewx-user
Hello again Tom,
This time it seems to be working fine! :-))) THANK YOU !

Jun 27 14:41:18 localhost weewx[32382] INFO weewx.reportengine: ftpgenerator: Ftp'd 48 files in 13.59 seconds
Jun 27 14:46:28 localhost weewx[32382] INFO weewx.reportengine: ftpgenerator: Ftp'd 85 files in 27.68 seconds

Could you confirm that this optional parameter will be added in the next WeeWX updates?
Wouldn't it be good to provide a second parameter for the value "MinProtocol = TLSv1.2"?

Thank you very much

Tom Keffer

Jun 27, 2022, 10:11:38 AM
to weewx-user
Yes, I will include the fix in the code base.

> Wouldn't it be good to provide a second parameter for the value "MinProtocol = TLSv1.2"?

Are you saying that we should implement ssl.set_alpn_protocols() as well? Do you have a case where that was necessary?

-tk

Remy Lavabre

Jun 27, 2022, 10:44:45 AM
to weewx-user
No Tom, for me it is not necessary. But maybe one day for someone else? Who knows...
Thanks again, Tom

Tom Keffer

Jun 27, 2022, 11:30:50 AM
to weewx-user
I prefer to offer features when they are needed. It's easier to add a feature than to take it away!
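
Added example, not part of the thread and not WeeWX's ftpupload.py: one way to scope a relaxed cipher string such as the `ciphers` option above to a single FTPS connection instead of the system-wide openssl.cnf, while keeping certificate checks on and a TLS 1.2 floor. The function names, the option dict and the sample server name are assumptions made for illustration.

```python
import ssl
from ftplib import FTP_TLS


def build_ftps_context(ciphers=None, min_version=ssl.TLSVersion.TLSv1_2):
    """Return a TLS client context meant for one FTPS connection.

    ciphers is an optional OpenSSL cipher string such as 'DEFAULT@SECLEVEL=1'.
    """
    # Library defaults: certificate verification and hostname checks stay on.
    ctx = ssl.create_default_context()
    # A lower security level should not also admit old protocol versions.
    ctx.minimum_version = min_version
    if ciphers:
        try:
            ctx.set_ciphers(ciphers)
        except ssl.SSLError as exc:
            # OpenSSL rejects strings that select no cipher at all.
            raise ValueError(f"unusable cipher string: {ciphers!r}") from exc
    return ctx


def make_ftps_client(ftp_options):
    """Build an unconnected FTP_TLS client from [[FTP]]-style options (a dict)."""
    return FTP_TLS(context=build_ftps_context(ftp_options.get("ciphers")))


def context_summary(ctx):
    """Report the settings that matter when reviewing a relaxed context."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
        # security_level exists on Python 3.10+ only
        "security_level": getattr(ctx, "security_level", None),
    }


# Constructed sample values, not taken from a real configuration.
SAMPLE_OPTIONS = {"server": "ftp.example.org", "ciphers": "DEFAULT@SECLEVEL=1"}

if __name__ == "__main__":
    client = make_ftps_client(SAMPLE_OPTIONS)  # no network traffic yet
    print(context_summary(client.context))
```

The client returned here is not connected; `connect()`, `login()` and, for an encrypted data channel, `prot_p()` still have to be called on it.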
