Connection error with ftputil: DH_KEY_TOO_SMALL

Question

When I connect to an FTP server (Pure-FTPd) with ftputil, I get the following error:

import ftputil
from ftplib import FTP_TLS

class TLSFTPSession(FTP_TLS):

    def __init__(self, host, userid, password):
        FTP_TLS.__init__(self)
        self.set_debuglevel(2)
        self.connect(host, 21)
        self.login(userid, password)
        self.prot_p()

ftp = ftputil.FTPHost(host, user, pw, session_factory=TLSFTPSession)

This returns:

FTPOSError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)
Debugging info: ftputil 5.0.4, Python 3.10.5 (win32)

So I tried to apply the solution I found here by adding self.context.set_ciphers('DEFAULT@SECLEVEL=1') to the __init__ method of the custom TLSFTPSession class:

class TLSFTPSession(FTP_TLS):

    def __init__(self, host, userid, password):
        FTP_TLS.__init__(self)
        self.set_debuglevel(2)
        self.connect(host, 21)
        self.login(userid, password)
        self.prot_p()
        self.context.set_ciphers('DEFAULT@SECLEVEL=1')

However, this didn't help either. Any idea?

Please call `self.context.set_ciphers('DEFAULT@SECLEVEL=1')` before calling `self.connect(..)` — Steffen Ullrich, Jul 18 '22 at 15:28
And/Or ask the owner of that FTP server to read https://weakdh.org/sysadmin.html and fix its configuration to have better security. — Patrick Mevzek, Jul 18 '22 at 16:03
Yes, calling `set_ciphers` before `connect` worked (which makes perfect sense)! Unfortunately, this is an FTP server I do not control, so I have to live with it. — mrgou, Jul 18 '22 at 20:35

Connection error with ftputil: DH_KEY_TOO_SMALL

0 Answers0