I am trying to connect to a FTPS site over LTS/SSL Explicit using the ftplib in python. For some reasons, I kept getting the SSL: SSLV3_ALERT_HANDSHAKE_FAILURE error message. However, it works just fine using WinSCP.
I have tried many different options I read on the internet and nothing worked. Any help/suggestion would be appreciated!
Here is the code
ftp = FTP_TLS()
ftp.debugging = 2
ftp.connect('xxx.xxxx.xxx', 990)
ftp.auth()
ftp.prot_p()
ftp.login('username', 'password')
ssl.SSLError: \[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE\] sslv3 alert handshake failure (\_ssl.c:997)
Here is the server and protocol information I got from WinSCP
Remote system = UNIX Type: L8
File transfer protocol = FTP
Cryptographic protocol = TLS/SSL Explicit encryption, TLSv1
Encryption algorithm = SSLv3: DHE-RSA-AES256-SHA, 2048 bit RSA, DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
I tried setting specific ciphers and different ssl protocol versions
WinSCP Log:
< 2023-04-06 21:34:57.065 Script: Connecting to xxx.xxx.xxx:990 ...
. 2023-04-06 21:34:57.065 Connecting to xxx.xxx.xxx:990 ...
. 2023-04-06 21:34:57.115 Connected with xxx.xxx.xxx:990, negotiating TLS connection...
< 2023-04-06 21:34:57.280 220 ProFTPD 1.3.2 Server (xxx.xxx.xxx) [::ffff:xxx.xxx.xxx]
> 2023-04-06 21:34:57.280 AUTH TLS
< 2023-04-06 21:34:57.326 234 AUTH TLS successful
. 2023-04-06 21:34:57.645 Verifying certificate for "Company" with fingerprint fa:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx: and 20 failures
. 2023-04-06 21:34:57.645 Certificate common name "xxx.xxx.xxx" matches hostname
. 2023-04-06 21:34:57.645 Certificate for "Company" matches configured fingerprint
. 2023-04-06 21:34:57.645 Using TLSv1, cipher SSLv3: DHE-RSA-AES256-SHA, 2048 bit RSA, DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
< 2023-04-06 21:34:57.645 Script: TLS connection established. Waiting for welcome message...
. 2023-04-06 21:34:57.645 TLS connection established. Waiting for welcome message...
> 2023-04-06 21:34:57.645 USER UserName
< 2023-04-06 21:34:57.698 331 Password required for UserName
> 2023-04-06 21:34:57.698 PASS ********
< 2023-04-06 21:34:57.795 230 User UserName logged in
> 2023-04-06 21:34:57.795 SYST
< 2023-04-06 21:34:57.841 215 UNIX Type: L8
> 2023-04-06 21:34:57.841 FEAT
< 2023-04-06 21:34:57.885 211-Features:
< 2023-04-06 21:34:57.885 MDTM
< 2023-04-06 21:34:57.885 MFMT
< 2023-04-06 21:34:57.885 AUTH TLS
< 2023-04-06 21:34:57.885 MFF modify;UNIX.group;UNIX.mode;
< 2023-04-06 21:34:57.885 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
< 2023-04-06 21:34:57.885 PBSZ
< 2023-04-06 21:34:57.885 PROT
< 2023-04-06 21:34:57.885 REST STREAM
< 2023-04-06 21:34:57.885 SIZE
< 2023-04-06 21:34:57.979 211 End
> 2023-04-06 21:34:57.979 PBSZ 0
< 2023-04-06 21:34:58.023 200 PBSZ 0 successful
> 2023-04-06 21:34:58.023 PROT P
< 2023-04-06 21:34:58.067 200 Protection set to Private
< 2023-04-06 21:34:58.067 Script: Connected
. 2023-04-06 21:34:58.067 Connected
Python debug log:
*get* '220 ProFTPD 1.3.2 Server (xxx.xxx.xxx) [::ffff:xxx.xxx.xxx]\n'
*resp* '220 ProFTPD 1.3.2 Server (xxx.xxx.xxx) [::ffff:xxx.xxx.xxx]'
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH TLS successful\n'
*resp* '234 AUTH TLS successful'
Traceback (most recent call last):
File "C:\Path\Python\Sandbox_FTP_TLS_Explicit.py", line 17, in <module>
ftp = connect()
File "C:\Path\Python\Sandbox_FTP_TLS_Explicit.py", line 12, in connect
ftp.auth()
File "C:\Path\Python\Python310\lib\ftplib.py", line 756, in auth
self.sock = self.context.wrap_socket(self.sock, server_hostname=self.host)
File "C:\Path\Python\Python310\lib\ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "C:\Path\Python\Python310\lib\ssl.py", line 1071, in _create
self.do_handshake()
File "C:\Path\Python\Python310\lib\ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)