Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#8703 closed defect (fixed)

Handshake failure because of missing strong ciphers to negotiate

Reported by: c.sale
Owned by: dkocher
Priority: normal
Milestone: 4.7
Component: ftp-tls
Version: 4.6.5
Severity: normal
Keywords:
Cc:
Architecture: Intel
Platform: Mac OS X 10.9

Description (last modified by dkocher)

I am using Cyberduck 4.6.5 on Mac OSX 10.9.5. When trying to connect to webspace.bol.ucla.edu over FTP-SSL (Explicit AUTH TLS), I am getting the error message

Handshake failure. Unable to negotiate an acceptable set of security parameters.

I have tried it a dozen times; same failure every time. I was able to connect on FileZilla after confirming that the certificate authority is trusted (Cyberduck did not ask the certificate authority question).

The issue resembles Ticket #8277. That ticket was closed as third party failure. I don't see any third party failure in my connection attempts and other FTP clients work fine.

Change History (8)

comment:1 Changed 4 years ago by c.sale

  • Description modified (diff)

comment:2 Changed 4 years ago by dkocher

  • Component changed from core to ftp-tls
  • Description modified (diff)
  • Milestone set to 4.7
  • Owner set to dkocher

comment:3 Changed 4 years ago by dkocher

  • Description modified (diff)
  • Resolution set to worksforme
  • Status changed from new to closed

We require the server to support one of TLSv1.2, TLSv1.1, TLSv1 for transport layer security. It looks like the server only supports SSLv2 which we have disabled for security reasons. Please open a support request at ucla.edu asking for a configuration change on their server.

comment:4 Changed 4 years ago by c.sale

Thank you for your prompt attention to the matter. The proposed solution, however, seems unlikely to explain the problem, as FileZilla is able to successfully establish a TLSv1.2 connection with the server. Here is the relevant part of FileZilla's connection log:

Response:  234 AUTH TLS OK.
Status:       Initializing TLS...
Trace:        CTlsSocket::Handshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        TLS Handshake successful
Trace:        Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-256-GCM, MAC: AEAD
Status:       Verifying certificate...
Status:       TLS connection established.

In contrast, CyberDuck tells me

Response:  234 AUTH TLS OK.

and then aborts with the handshake failure error.

In case this is relevant: the server runs Pure-FTPd, and the hosting provider tells me that to connect to the server I need to use an FTP client supporting TLSv1 or higher. They do not support SSLv2 for safety reasons.

comment:5 Changed 4 years ago by ralf bergs

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I have the same issue towards a server I control. And as I control it I know it supports TLS v1.2.

As user c.sale pointed out I can also log on using FileZilla and TLS v1.2.

I think I have found out why Cyberduck can't connect to my server. It seems to only support "weak" hash algorithms in the cipher suites it offers. The below is from a Wireshark trace I just made:

            Cipher Suites (28 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

I have my FTP server (PureFTPD) configured to use the following suites: HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3. This expands to the following:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256

As you see there's no support for SHA (i. e. SHA1).

The server therefore answers as follows:

No.     Time                          Source                Destination           Protocol Length Info
     11 2015-04-19 12:24:19.039517    46.4.x.y          192.168.2.103         TLSv1.2  73     Alert (Level: Fatal, Description: Handshake Failure)

Frame 11: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
Ethernet II, Src: Tp-LinkT_44:59:69 (64:70:02:44:59:69), Dst: Apple_eb:f1:21 (c8:bc:c8:eb:f1:21)
Internet Protocol Version 4, Src: 46.4.x.y (46.4.x.y), Dst: 192.168.2.103 (192.168.2.103)
Transmission Control Protocol, Src Port: 2100 (2100), Dst Port: 53716 (53716), Seq: 341, Ack: 209, Len: 7
Secure Sockets Layer
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

I think this is clearly a Cyberduck issue.

PS: For me it's OS X 10.10.3.

comment:6 follow-up: Changed 4 years ago by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed
  • Summary changed from Handshake failure. Unable to negotiate an acceptable set of security parameters. to Handshake failure because of missing strong ciphers to negotiate

Replying to ralf bergs:

Thanks for your detailed comment. Supported ciphers have changed in the latest snapshot build. Currently supported ciphers are

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Please update to the latest snapshot build available.
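
Added example (not part of the ticket or of Cyberduck's code): the mismatch diagnosed in comment 5 and resolved by the list in comment 6, checked by converting the server's OpenSSL suite names to IANA names and intersecting them with the client's offer. The helper names `to_iana` and `shared_suites` are assumptions; the 4.6.5 offer is rebuilt compactly from the 28 suites in the Wireshark trace, and `ADDED` is an excerpt of the snapshot list.

```python
# Expansion of HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3 as quoted in comment 5 (OpenSSL names).
SERVER = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 DHE-DSS-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA256 ADH-AES256-GCM-SHA384 ADH-AES256-SHA256
ECDH-RSA-AES256-GCM-SHA384 ECDH-ECDSA-AES256-GCM-SHA384 ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384 AES256-GCM-SHA384 AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256
DHE-DSS-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256 ADH-AES128-GCM-SHA256 ADH-AES128-SHA256 ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256 ECDH-RSA-AES128-SHA256 ECDH-ECDSA-AES128-SHA256
AES128-GCM-SHA256 AES128-SHA256
""".split()

# Cyberduck 4.6.5 ClientHello from the trace in comment 5, rebuilt compactly
# (same 28 suites, order not preserved): every MAC is SHA-1 or MD5.
KX7 = ["ECDHE_ECDSA", "ECDHE_RSA", "RSA", "ECDH_ECDSA", "ECDH_RSA", "DHE_RSA", "DHE_DSS"]
OLD_OFFER = (
    [f"TLS_{kx}_WITH_{c}_SHA"
     for c in ("AES_256_CBC", "AES_128_CBC", "3DES_EDE_CBC") for kx in KX7]
    + [f"TLS_{kx}_WITH_RC4_128_SHA" for kx in KX7[:5]]
    + ["TLS_RSA_WITH_RC4_128_MD5", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
)

# Excerpt of suites that appear only in the snapshot-build list in comment 6.
ADDED = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
         "TLS_RSA_WITH_AES_128_CBC_SHA256"]


def to_iana(openssl_name):
    """Convert an OpenSSL AES suite name to its IANA name (AES suites only)."""
    parts = openssl_name.split("-")
    i = next(k for k, p in enumerate(parts) if p.startswith("AES"))
    kx = "_".join(parts[:i])
    kx = {"": "RSA", "ADH": "DH_anon"}.get(kx, kx)  # bare name = RSA key exchange
    mode = "GCM" if "GCM" in parts else "CBC"       # OpenSSL leaves CBC implicit
    return f"TLS_{kx}_WITH_AES_{parts[i][3:]}_{mode}_{parts[-1]}"


def shared_suites(client_offer, server_openssl):
    """Suites both sides accept, in the server's configured order.

    An empty result is the case where the server sends fatal alert 40."""
    offered = set(client_offer)
    return [s for s in map(to_iana, server_openssl) if s in offered]


if __name__ == "__main__":
    print("4.6.5 offer :", shared_suites(OLD_OFFER, SERVER))
    print("with added  :", shared_suites(OLD_OFFER + ADDED, SERVER))
```
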

comment:7 in reply to: ↑ 6 Changed 4 years ago by ralf bergs

Replying to dkocher:

Please update to the latest snapshot build available.

I can confirm that this fixed the issue for me.

Thank you very much.

comment:8 Changed 4 years ago by c.sale

Cyberduck 4.7 fixed the problem. Thank you!
