如何在 RCurl 中设置密码 ECDHE-RSA-AES256-GCM-SHA384
How to set cipher ECDHE-RSA-AES256-GCM-SHA384 in RCurl
使用 RCurl getURL() 下载数据时出现类似
的错误
SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
据我了解,这可能与 curl 选项中的 ssl.cipher.list 选项有关。
如果是这样,如何将 ECDHE-RSA-AES256-GCM-SHA384 设置为密码?
对我来说
curlOptions(ssl.cipher.list = "ECDHE-RSA-AES256-GCM-SHA384",...)
其他尝试过的东西都没有用。
这是我的 sessionInfo()
> sessionInfo()
R version 3.5.1 (2018-07-02)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 7 x64 (build 7601) Service Pack 1
Matrix products: default
locale:
[1] LC_COLLATE=German_Germany.1252 LC_CTYPE=German_Germany.1252 LC_MONETARY=German_Germany.1252 LC_NUMERIC=C
[5] LC_TIME=German_Germany.1252
attached base packages:
[1] stats graphics grDevices utils datasets methods base
other attached packages:
[1] RCurl_1.95-4.11 bitops_1.0-6
loaded via a namespace (and not attached):
[1] compiler_3.5.1 tools_3.5.1 yaml_2.2.0
如果需要更多详细信息,请告诉我。
更新:
这是 R 上 curl::curl_version() 版本的输出:
> curl::curl_version()
$`version`
[1] "7.59.0"
$ssl_version
[1] "(OpenSSL/1.0.2n) WinSSL"
$libz_version
[1] "1.2.8"
$libssh_version
[1] "libssh2/1.8.0"
$libidn_version
[1] NA
$host
[1] "x86_64-w64-mingw32"
$protocols
[1] "dict" "file" "ftp" "ftps" "gopher" "http" "https" "imap" "imaps" "ldap" "ldaps" "pop3" "pop3s" "rtsp" "scp" "sftp"
[17] "smtp" "smtps" "telnet" "tftp"
$ipv6
[1] TRUE
$http2
[1] FALSE
$idn
[1] TRUE
这是RCurl::curlVersion()
的输出
RCurl::curlVersion()
$`age`
[1] 3
$version
[1] "7.40.0"
$vesion_num
[1] 468992
$host
[1] "x86_64-pc-win32"
$features
ssl libz ntlm asynchdns spnego largefile idn sspi
4 8 16 128 256 512 1024 2048
$ssl_version
[1] "OpenSSL/1.0.0o"
$ssl_version_num
[1] 0
$libz_version
[1] "1.2.8"
$protocols
[1] "dict" "file" "ftp" "ftps" "gopher" "http" "https" "imap" "imaps" "ldap" "pop3" "pop3s" "rtmp" "rtsp" "scp" "sftp"
[17] "smtp" "smtps" "telnet" "tftp"
$ares
[1] ""
$ares_num
[1] 0
$libidn
[1] ""
在 Windows 本身安装了以下内容,但 R 很可能没有使用。
来自 git bash:
$ curl --version
curl 7.60.0 (x86_64-w64-mingw32) libcurl/7.60.0 OpenSSL/1.0.2o (WinSSL) zlib/1.2.11 libidn2/2.0.5 nghttp2/1.32.0
jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
的输出
> jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
$`given_cipher_suites`
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
[4] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
[7] "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" "TLS_RSA_WITH_AES_256_CBC_SHA"
[10] "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
[13] "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
[16] "TLS_DHE_DSS_WITH_SEED_CBC_SHA" "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
[19] "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA"
[22] "TLS_RSA_WITH_SEED_CBC_SHA" "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_RSA_WITH_IDEA_CBC_SHA"
[25] "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
[28] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
[31] "TLS_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
$ephemeral_keys_supported
[1] TRUE
$session_ticket_supported
[1] FALSE
$tls_compression_supported
[1] FALSE
$unknown_cipher_suite_supported
[1] FALSE
$beast_vuln
[1] FALSE
$able_to_detect_n_minus_one_splitting
[1] TRUE
$insecure_cipher_suites
named list()
$`tls_version`
[1] "TLS 1.0"
$rating
[1] "Bad"
httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
的输出
> httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
$`given_cipher_suites`
$`given_cipher_suites`[[1]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
$`given_cipher_suites`[[2]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[3]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[4]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[5]]
[1] "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[6]]
[1] "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[7]]
[1] "TLS_RSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[8]]
[1] "TLS_RSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[9]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[10]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[11]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
$`given_cipher_suites`[[12]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[13]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[14]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[15]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA256"
$`given_cipher_suites`[[16]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[17]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[18]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[19]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
$`given_cipher_suites`[[20]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[21]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[22]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[23]]
[1] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
$`given_cipher_suites`[[24]]
[1] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
$`given_cipher_suites`[[25]]
[1] "TLS_RSA_WITH_RC4_128_SHA"
$`given_cipher_suites`[[26]]
[1] "TLS_RSA_WITH_RC4_128_MD5"
$ephemeral_keys_supported
[1] TRUE
$session_ticket_supported
[1] FALSE
$tls_compression_supported
[1] FALSE
$unknown_cipher_suite_supported
[1] FALSE
$beast_vuln
[1] FALSE
$able_to_detect_n_minus_one_splitting
[1] FALSE
$insecure_cipher_suites
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5[[1]]
[1] "uses RC4 which has insecure biases in its output"
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA[[1]]
[1] "uses RC4 which has insecure biases in its output"
$tls_version
[1] "TLS 1.2"
$rating
[1] "Bad"
根据上面@hrbrmstr 的评论回答我自己的问题。
所以,看起来你的 RCurl 是用将近 4 年的 libcurl 版本构建的,这是 CRAN (1.95-4.11) 上的最新 RCurl
我决定从 RCurl 切换到 httr 并立即得到结果,这意味着我现在可以从所需的 ftp 服务器下载数据。
我将 RCurl::listCurlOptions() 的输出与 httr::httr_options() 的输出进行了比较,这使我更容易找到用于 curl 选项的正确变量名称。
希望这个回答能帮助 运行 遇到与 RCurl 相同问题的其他人。
使用 RCurl getURL() 下载数据时出现类似
的错误SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
据我了解,这可能与 curl 选项中的 ssl.cipher.list 选项有关。
如果是这样,如何将 ECDHE-RSA-AES256-GCM-SHA384 设置为密码?
对我来说
curlOptions(ssl.cipher.list = "ECDHE-RSA-AES256-GCM-SHA384",...)
其他尝试过的东西都没有用。
这是我的 sessionInfo()
> sessionInfo()
R version 3.5.1 (2018-07-02)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 7 x64 (build 7601) Service Pack 1
Matrix products: default
locale:
[1] LC_COLLATE=German_Germany.1252 LC_CTYPE=German_Germany.1252 LC_MONETARY=German_Germany.1252 LC_NUMERIC=C
[5] LC_TIME=German_Germany.1252
attached base packages:
[1] stats graphics grDevices utils datasets methods base
other attached packages:
[1] RCurl_1.95-4.11 bitops_1.0-6
loaded via a namespace (and not attached):
[1] compiler_3.5.1 tools_3.5.1 yaml_2.2.0
如果需要更多详细信息,请告诉我。
更新:
这是 R 上 curl::curl_version() 版本的输出:
> curl::curl_version()
$`version`
[1] "7.59.0"
$ssl_version
[1] "(OpenSSL/1.0.2n) WinSSL"
$libz_version
[1] "1.2.8"
$libssh_version
[1] "libssh2/1.8.0"
$libidn_version
[1] NA
$host
[1] "x86_64-w64-mingw32"
$protocols
[1] "dict" "file" "ftp" "ftps" "gopher" "http" "https" "imap" "imaps" "ldap" "ldaps" "pop3" "pop3s" "rtsp" "scp" "sftp"
[17] "smtp" "smtps" "telnet" "tftp"
$ipv6
[1] TRUE
$http2
[1] FALSE
$idn
[1] TRUE
这是RCurl::curlVersion()
RCurl::curlVersion()
$`age`
[1] 3
$version
[1] "7.40.0"
$vesion_num
[1] 468992
$host
[1] "x86_64-pc-win32"
$features
ssl libz ntlm asynchdns spnego largefile idn sspi
4 8 16 128 256 512 1024 2048
$ssl_version
[1] "OpenSSL/1.0.0o"
$ssl_version_num
[1] 0
$libz_version
[1] "1.2.8"
$protocols
[1] "dict" "file" "ftp" "ftps" "gopher" "http" "https" "imap" "imaps" "ldap" "pop3" "pop3s" "rtmp" "rtsp" "scp" "sftp"
[17] "smtp" "smtps" "telnet" "tftp"
$ares
[1] ""
$ares_num
[1] 0
$libidn
[1] ""
在 Windows 本身安装了以下内容,但 R 很可能没有使用。 来自 git bash:
$ curl --version
curl 7.60.0 (x86_64-w64-mingw32) libcurl/7.60.0 OpenSSL/1.0.2o (WinSSL) zlib/1.2.11 libidn2/2.0.5 nghttp2/1.32.0
jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
> jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
$`given_cipher_suites`
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
[4] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
[7] "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" "TLS_RSA_WITH_AES_256_CBC_SHA"
[10] "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
[13] "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
[16] "TLS_DHE_DSS_WITH_SEED_CBC_SHA" "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
[19] "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA"
[22] "TLS_RSA_WITH_SEED_CBC_SHA" "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_RSA_WITH_IDEA_CBC_SHA"
[25] "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
[28] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"
[31] "TLS_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
$ephemeral_keys_supported
[1] TRUE
$session_ticket_supported
[1] FALSE
$tls_compression_supported
[1] FALSE
$unknown_cipher_suite_supported
[1] FALSE
$beast_vuln
[1] FALSE
$able_to_detect_n_minus_one_splitting
[1] TRUE
$insecure_cipher_suites
named list()
$`tls_version`
[1] "TLS 1.0"
$rating
[1] "Bad"
httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
> httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
$`given_cipher_suites`
$`given_cipher_suites`[[1]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
$`given_cipher_suites`[[2]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[3]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[4]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[5]]
[1] "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[6]]
[1] "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[7]]
[1] "TLS_RSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[8]]
[1] "TLS_RSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[9]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
$`given_cipher_suites`[[10]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
$`given_cipher_suites`[[11]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
$`given_cipher_suites`[[12]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[13]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[14]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[15]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA256"
$`given_cipher_suites`[[16]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[17]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[18]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[19]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
$`given_cipher_suites`[[20]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
$`given_cipher_suites`[[21]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
$`given_cipher_suites`[[22]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
$`given_cipher_suites`[[23]]
[1] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
$`given_cipher_suites`[[24]]
[1] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
$`given_cipher_suites`[[25]]
[1] "TLS_RSA_WITH_RC4_128_SHA"
$`given_cipher_suites`[[26]]
[1] "TLS_RSA_WITH_RC4_128_MD5"
$ephemeral_keys_supported
[1] TRUE
$session_ticket_supported
[1] FALSE
$tls_compression_supported
[1] FALSE
$unknown_cipher_suite_supported
[1] FALSE
$beast_vuln
[1] FALSE
$able_to_detect_n_minus_one_splitting
[1] FALSE
$insecure_cipher_suites
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5[[1]]
[1] "uses RC4 which has insecure biases in its output"
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA[[1]]
[1] "uses RC4 which has insecure biases in its output"
$tls_version
[1] "TLS 1.2"
$rating
[1] "Bad"
根据上面@hrbrmstr 的评论回答我自己的问题。
所以,看起来你的 RCurl 是用将近 4 年的 libcurl 版本构建的,这是 CRAN (1.95-4.11) 上的最新 RCurl
我决定从 RCurl 切换到 httr 并立即得到结果,这意味着我现在可以从所需的 ftp 服务器下载数据。
我将 RCurl::listCurlOptions() 的输出与 httr::httr_options() 的输出进行了比较,这使我更容易找到用于 curl 选项的正确变量名称。
希望这个回答能帮助 运行 遇到与 RCurl 相同问题的其他人。