如何在RCurl中设置密码ECDHE-RSA-AES256-GCM-SHA384

时间:2018-11-17 11:42:13

标签: r libcurl rcurl

使用RCurl getURL()下载数据时出现类似错误

SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

如我所读,这可能与curl选项中的ssl.cipher.list选项有关。

如果是这样,如何将ECDHE-RSA-AES256-GCM-SHA384设置为密码?

对我来说

curlOptions(ssl.cipher.list = "ECDHE-RSA-AES256-GCM-SHA384",...)

其他尝试的方法无效。

这是我的sessionInfo()

> sessionInfo()
R version 3.5.1 (2018-07-02)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 7 x64 (build 7601) Service Pack 1

Matrix products: default

locale:
[1] LC_COLLATE=German_Germany.1252  LC_CTYPE=German_Germany.1252    LC_MONETARY=German_Germany.1252 LC_NUMERIC=C                   
[5] LC_TIME=German_Germany.1252    

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     

other attached packages:
[1] RCurl_1.95-4.11 bitops_1.0-6   

loaded via a namespace (and not attached):
[1] compiler_3.5.1 tools_3.5.1    yaml_2.2.0

如果需要更多详细信息,请告诉我。

更新:

这是curl::curl_version()版本在R上的输出:

> curl::curl_version()
$`version`
[1] "7.59.0"

$ssl_version
[1] "(OpenSSL/1.0.2n) WinSSL"

$libz_version
[1] "1.2.8"

$libssh_version
[1] "libssh2/1.8.0"

$libidn_version
[1] NA

$host
[1] "x86_64-w64-mingw32"

$protocols
 [1] "dict"   "file"   "ftp"    "ftps"   "gopher" "http"   "https"  "imap"   "imaps"  "ldap"   "ldaps"  "pop3"   "pop3s"  "rtsp"   "scp"    "sftp"  
[17] "smtp"   "smtps"  "telnet" "tftp"  

$ipv6
[1] TRUE

$http2
[1] FALSE

$idn
[1] TRUE

这是RCurl::curlVersion()

的输出 
RCurl::curlVersion()
$`age`
[1] 3

$version
[1] "7.40.0"

$vesion_num
[1] 468992

$host
[1] "x86_64-pc-win32"

$features
      ssl      libz      ntlm asynchdns    spnego largefile       idn      sspi 
        4         8        16       128       256       512      1024      2048 

$ssl_version
[1] "OpenSSL/1.0.0o"

$ssl_version_num
[1] 0

$libz_version
[1] "1.2.8"

$protocols
 [1] "dict"   "file"   "ftp"    "ftps"   "gopher" "http"   "https"  "imap"   "imaps"  "ldap"   "pop3"   "pop3s"  "rtmp"   "rtsp"   "scp"    "sftp"  
[17] "smtp"   "smtps"  "telnet" "tftp"  

$ares
[1] ""

$ares_num
[1] 0

$libidn
[1] ""

在Windows本身上,已安装以下组件,但R极有可能未使用。 来自git bash:

$ curl --version
curl 7.60.0 (x86_64-w64-mingw32) libcurl/7.60.0 OpenSSL/1.0.2o (WinSSL) zlib/1.2.11 libidn2/2.0.5 nghttp2/1.32.0

jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))的输出

> jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
$`given_cipher_suites`
 [1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"     
 [4] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
 [7] "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"   "TLS_RSA_WITH_AES_256_CBC_SHA"         
[10] "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" 
[13] "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"      "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"      "TLS_DHE_RSA_WITH_SEED_CBC_SHA"        
[16] "TLS_DHE_DSS_WITH_SEED_CBC_SHA"         "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
[19] "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"     "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"   "TLS_RSA_WITH_AES_128_CBC_SHA"         
[22] "TLS_RSA_WITH_SEED_CBC_SHA"             "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"     "TLS_RSA_WITH_IDEA_CBC_SHA"            
[25] "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"   "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"    
[28] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"     "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"    "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" 
[31] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"    

$ephemeral_keys_supported
[1] TRUE

$session_ticket_supported
[1] FALSE

$tls_compression_supported
[1] FALSE

$unknown_cipher_suite_supported
[1] FALSE

$beast_vuln
[1] FALSE

$able_to_detect_n_minus_one_splitting
[1] TRUE

$insecure_cipher_suites
named list()

$`tls_version`
[1] "TLS 1.0"

$rating
[1] "Bad"

httr::content(httr::GET("https://www.howsmyssl.com/a/check"))的输出

> httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
$`given_cipher_suites`
$`given_cipher_suites`[[1]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"

$`given_cipher_suites`[[2]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[3]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[4]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[5]]
[1] "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[6]]
[1] "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[7]]
[1] "TLS_RSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[8]]
[1] "TLS_RSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[9]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[10]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[11]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"

$`given_cipher_suites`[[12]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[13]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[14]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[15]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA256"

$`given_cipher_suites`[[16]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[17]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[18]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[19]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"

$`given_cipher_suites`[[20]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[21]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[22]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[23]]
[1] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"

$`given_cipher_suites`[[24]]
[1] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

$`given_cipher_suites`[[25]]
[1] "TLS_RSA_WITH_RC4_128_SHA"

$`given_cipher_suites`[[26]]
[1] "TLS_RSA_WITH_RC4_128_MD5"


$ephemeral_keys_supported
[1] TRUE

$session_ticket_supported
[1] FALSE

$tls_compression_supported
[1] FALSE

$unknown_cipher_suite_supported
[1] FALSE

$beast_vuln
[1] FALSE

$able_to_detect_n_minus_one_splitting
[1] FALSE

$insecure_cipher_suites
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"


$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"


$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5[[1]]
[1] "uses RC4 which has insecure biases in its output"


$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA[[1]]
[1] "uses RC4 which has insecure biases in its output"



$tls_version
[1] "TLS 1.2"

$rating
[1] "Bad"

1 个答案:

答案 0 :(得分:1)

根据上面@hrbrmstr的评论回答我自己的问题。

因此,看来您的RCurl是使用将近4年的libcurl版本构建的,这是CRAN(1.95-4.11)上的最新RCurl。

我决定从RCurl切换到httr并立即得到结果,这意味着我现在能够从所需的ftp服务器下载数据。

我将RCurl::listCurlOptions()httr::httr_options()的输出进行了比较,这使我更容易找到用于curl选项的正确变量名。

希望这个答案可以帮助其他遇到RCurl相同问题的人。

相关问题
最新问题