Dh Key Too Small (Python FTP) on Whonix

Question

I am trying to upload files to a server from within the Whonix operating system. I was able to do it successfully using Filezilla from within Whonix, so I'm not really sure why the Python code isn't working.

from ftplib import FTP, FTP_TLS
import os

ftp = FTP_TLS()
ftp.set_debuglevel(2)
ftp.connect('ftp.server.com', 21)
ftp.login('Username', 'Password')
item_name = 'myfile.mp4'
item_path = os.path.abspath(item_name)

fp = open(item_path, 'rb')
ftp.storbinary('STOR {}'.format(item_name), fp, 8192)
fp.close()

Does anybody know how I should change the Python code to be able to upload the file succesfully from within Whonix? For reference, the Python code works when I run it directly from within Windows. It only fails when I try it from within Whonix, and I don't know why.

This is the error I get, and I don't understand it:

*get* '220-This is a private system - No anonymous login\n'
*get* '220-IPv6 connections are also welcome on this server.\n'
*get* '220 You will be disconnected after 30 minutes of inactivity.\n'
*resp* '220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\n220-You are user number 17 of 50 allowed.\n220-Local time is now 01:28. Server port: 21.\n220-This is a private system - No anonymous login\n220-IPv6 connections are also welcome on this server.\n220 You will be disconnected after 30 minutes of inactivity.'
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH TLS OK.\n'
*resp* '234 AUTH TLS OK.'
Traceback (most recent call last):
  File "test.py", line 8, in <module>
    ftp.login('Username', 'Password')
  File "/usr/lib/python3.7/ftplib.py", line 749, in login
    self.auth()
  File "/usr/lib/python3.7/ftplib.py", line 761, in auth
    server_hostname=self.host)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1056)

Answer 1

I just spent a bunch of time trying to figure something similar out and would like to share this with you and potentially anyone else that may come across this.

You are getting the [SSL: DH_KEY_TOO_SMALL] dh key too small error because the server you are connecting too is using an outdated library.

The proper way would be to get the server you are connecting to to update their packages however if you are in the same boat as I was and can't control the server you are connecting to then the alternative is to add context.set_ciphers('DEFAULT@SECLEVEL=1') before your connection

see example below with your code:

from ftplib import FTP, FTP_TLS
import os

ftp = FTP_TLS()
ftp.set_debuglevel(2)
ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')
ftp.connect('ftp.server.com', 21)
ftp.login('Username', 'Password')
item_name = 'myfile.mp4'
item_path = os.path.abspath(item_name)

fp = open(item_path, 'rb')
ftp.storbinary('STOR {}'.format(item_name), fp, 8192)
fp.close()

a shout out to this thread from https://askubuntu.com/questions/1231844/ssl-sslerror-ssl-dh-key-too-small-dh-key-too-small-ssl-c1108 for pointing me in the right direction