Handshake failure because of missing strong ciphers to negotiate #8703

Closed
cyberduck opened this issue Mar 26, 2015 · 6 comments
Labels
bug fixed ftp-tls FTP (TLS) Protocol Implementation


3e7225c created the issue

I am using Cyberduck 4.6.5 on Mac OSX 10.9.5. When trying to connect to webspace.bol.ucla.edu over FTP-SSL (Explicit AUTH TLS), I am getting the error message

Handshake failure. Unable to negotiate an acceptable set of security parameters.

I have tried it a dozen times; same failure every time. I was able to connect on FileZilla after confirming that the certificate authority is trusted (Cyberduck did not ask the certificate authority question).

The issue resembles Ticket #8277. That ticket was closed as third party failure. I don't see any third party failure in my connection attempts and other FTP clients work fine.


@dkocher commented

We require the server to support one of TLSv1.2, TLSv1.1, TLSv1 for transport layer security. It looks like the server only supports SSLv2 which we have disabled for security reasons. Please open a support request at ucla.edu asking for a configuration change on their server.


3e7225c commented

Thank you for your prompt attention to the matter. The proposed solution, however, seems unlikely to explain the problem, as FileZilla is able to successfully establish a TLSv1.2 connection with the server. Here is the relevant part of FileZilla's connection log:

Response:  234 AUTH TLS OK.
Status:       Initializing TLS...
Trace:        CTlsSocket::Handshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        CTlsSocket::ContinueHandshake()
Trace:        TLS Handshake successful
Trace:        Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-256-GCM, MAC: AEAD
Status:       Verifying certificate...
Status:       TLS connection established.

In contrast, Cyberduck tells me

Response:  234 AUTH TLS OK.

and then aborts with the handshake failure error.

In case this is relevant: the server runs Pure-FTPd, and the hosting provider tells me that to connect to the server I need to use an FTP client supporting TLSv1 or higher. They do not support SSLv2 for safety reasons.


ralf bergs commented

I have the same issue towards a server I control. And as I control it I know it supports TLS v1.2.

As user c.sale pointed out I can also log on using FileZilla and TLS v1.2.

I think I have found out why Cyberduck can't connect to my server. It seems to only support "weak" hash algorithms in the cipher suites it offers. The below is from a Wireshark trace I just made:

            Cipher Suites (28 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

I have my FTP server (PureFTPD) configured to use the following suites: HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3. This expands to the following:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256

As you see there's no support for SHA (i.e. SHA1).

The server therefore answers as follows:

No.     Time                          Source                Destination           Protocol Length Info
     11 2015-04-19 12:24:19.039517    46.4.x.y          192.168.2.103         TLSv1.2  73     Alert (Level: Fatal, Description: Handshake Failure)

Frame 11: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
Ethernet II, Src: Tp-LinkT_44:59:69 (64:70:02:44:59:69), Dst: Apple_eb:f1:21 (c8:bc:c8:eb:f1:21)
Internet Protocol Version 4, Src: 46.4.x.y (46.4.x.y), Dst: 192.168.2.103 (192.168.2.103)
Transmission Control Protocol, Src Port: 2100 (2100), Dst Port: 53716 (53716), Seq: 341, Ack: 209, Len: 7
Secure Sockets Layer
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

I think this is clearly a Cyberduck issue.

PS: For me it's OS X 10.10.3.


@dkocher commented

Replying to [comment:5 ralf bergs]:

Thanks for your detailed comment. Supported ciphers have changed in the latest snapshot build. Currently supported ciphers are

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Please update to the latest snapshot build available.
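
The mismatch diagnosed in the two comments above, as an added example that is not part of the original thread or of Cyberduck's code: it converts the server's OpenSSL suite names to IANA names and intersects them with the client's offer. The two long lists are copied from the thread; `SNAPSHOT_EXCERPT` is three entries picked from the snapshot list, and the function names are made up for this example.

```python
import re

# Server side: the OpenSSL expansion quoted in the thread, copied verbatim.
SERVER = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:"
    "ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:"
    "ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:"
    "ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:"
    "ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256"
)
# Client side: the 28 suites from the Wireshark trace of the failing ClientHello.
OLD_OFFER = """
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
""".split()
# Three entries picked from the snapshot-build list in the thread (an excerpt, not the full list).
SNAPSHOT_EXCERPT = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256",
                    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]

def openssl_to_iana(name):
    """Map an OpenSSL AES suite name to its IANA name (handles only the forms present in SERVER)."""
    m = re.fullmatch(r"(?:(ADH|(?:EC)?DHE?-(?:RSA|ECDSA|DSS))-)?AES(128|256)(-GCM)?-(SHA\d*)", name)
    if not m:
        raise ValueError(f"unhandled suite name: {name}")
    kx, bits, gcm, mac = m.groups()
    # No prefix means RSA key exchange; ADH is anonymous DH; otherwise swap '-' for '_'.
    kx = {None: "RSA", "ADH": "DH_anon"}.get(kx, (kx or "").replace("-", "_"))
    return f"TLS_{kx}_WITH_AES_{bits}_{'GCM' if gcm else 'CBC'}_{mac}"

def common_suites(client_offer, server_openssl):
    """Suites both peers support, in the client's order; empty means handshake_failure (40)."""
    server = {openssl_to_iana(n) for n in server_openssl.split(":")}
    return [s for s in client_offer if s in server]

if __name__ == "__main__":
    print("4.6.5 offer vs server:", common_suites(OLD_OFFER, SERVER))
    print("snapshot excerpt vs server:", common_suites(SNAPSHOT_EXCERPT, SERVER))
```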


ralf bergs commented

Replying to [comment:6 dkocher]:

> Please update to the latest snapshot build available.

I can confirm that this fixed the issue for me.

Thank you very much.


3e7225c commented

Cyberduck 4.7 fixed the problem. Thank you!

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021