Как установить шифр ECDHE-RSA-AES256-GCM-SHA384 в RCurl

Question

Используя RCurl getURL () для загрузки данных, я получаю ошибки типа

SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Пока я читаю, это может быть связано с параметром ssl.cipher.list в параметрах curl.

Если это так, как я могу установить ECDHE-RSA-AES256-GCM-SHA384 в качестве шифра?

Для меня

curlOptions(ssl.cipher.list = "ECDHE-RSA-AES256-GCM-SHA384",...)

и другие опробованные вещи не сработали.

Вот мой sessionInfo ()

> sessionInfo()
R version 3.5.1 (2018-07-02)
Platform: x86_64-w64-mingw32/x64 (64-bit)
Running under: Windows 7 x64 (build 7601) Service Pack 1

Matrix products: default

locale:
[1] LC_COLLATE=German_Germany.1252  LC_CTYPE=German_Germany.1252    LC_MONETARY=German_Germany.1252 LC_NUMERIC=C                   
[5] LC_TIME=German_Germany.1252    

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     

other attached packages:
[1] RCurl_1.95-4.11 bitops_1.0-6   

loaded via a namespace (and not attached):
[1] compiler_3.5.1 tools_3.5.1    yaml_2.2.0 

Если требуется более подробная информация, пожалуйста, дайте мне знать.

Обновление:

Это вывод для curl::curl_version() версии на R:

> curl::curl_version()
$`version`
[1] "7.59.0"

$ssl_version
[1] "(OpenSSL/1.0.2n) WinSSL"

$libz_version
[1] "1.2.8"

$libssh_version
[1] "libssh2/1.8.0"

$libidn_version
[1] NA

$host
[1] "x86_64-w64-mingw32"

$protocols
 [1] "dict"   "file"   "ftp"    "ftps"   "gopher" "http"   "https"  "imap"   "imaps"  "ldap"   "ldaps"  "pop3"   "pop3s"  "rtsp"   "scp"    "sftp"  
[17] "smtp"   "smtps"  "telnet" "tftp"  

$ipv6
[1] TRUE

$http2
[1] FALSE

$idn
[1] TRUE

Это вывод RCurl::curlVersion()

RCurl::curlVersion()
$`age`
[1] 3

$version
[1] "7.40.0"

$vesion_num
[1] 468992

$host
[1] "x86_64-pc-win32"

$features
      ssl      libz      ntlm asynchdns    spnego largefile       idn      sspi 
        4         8        16       128       256       512      1024      2048 

$ssl_version
[1] "OpenSSL/1.0.0o"

$ssl_version_num
[1] 0

$libz_version
[1] "1.2.8"

$protocols
 [1] "dict"   "file"   "ftp"    "ftps"   "gopher" "http"   "https"  "imap"   "imaps"  "ldap"   "pop3"   "pop3s"  "rtmp"   "rtsp"   "scp"    "sftp"  
[17] "smtp"   "smtps"  "telnet" "tftp"  

$ares
[1] ""

$ares_num
[1] 0

$libidn
[1] ""

На самой Windows установлено следующее, но скорее всего не используется R. Из Git Bash:

$ curl --version
curl 7.60.0 (x86_64-w64-mingw32) libcurl/7.60.0 OpenSSL/1.0.2o (WinSSL) zlib/1.2.11 libidn2/2.0.5 nghttp2/1.32.0

Выход jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))

> jsonlite::fromJSON(RCurl::getURL("https://www.howsmyssl.com/a/check", .opts = opts))
$`given_cipher_suites`
 [1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"     
 [4] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
 [7] "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"   "TLS_RSA_WITH_AES_256_CBC_SHA"         
[10] "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" 
[13] "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"      "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"      "TLS_DHE_RSA_WITH_SEED_CBC_SHA"        
[16] "TLS_DHE_DSS_WITH_SEED_CBC_SHA"         "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
[19] "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"     "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"   "TLS_RSA_WITH_AES_128_CBC_SHA"         
[22] "TLS_RSA_WITH_SEED_CBC_SHA"             "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"     "TLS_RSA_WITH_IDEA_CBC_SHA"            
[25] "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"   "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"    
[28] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"     "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"    "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" 
[31] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"    

$ephemeral_keys_supported
[1] TRUE

$session_ticket_supported
[1] FALSE

$tls_compression_supported
[1] FALSE

$unknown_cipher_suite_supported
[1] FALSE

$beast_vuln
[1] FALSE

$able_to_detect_n_minus_one_splitting
[1] TRUE

$insecure_cipher_suites
named list()

$`tls_version`
[1] "TLS 1.0"

$rating
[1] "Bad"

Выход httr::content(httr::GET("https://www.howsmyssl.com/a/check"))

> httr::content(httr::GET("https://www.howsmyssl.com/a/check"))
$`given_cipher_suites`
$`given_cipher_suites`[[1]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"

$`given_cipher_suites`[[2]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[3]]
[1] "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[4]]
[1] "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[5]]
[1] "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[6]]
[1] "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[7]]
[1] "TLS_RSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[8]]
[1] "TLS_RSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[9]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

$`given_cipher_suites`[[10]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

$`given_cipher_suites`[[11]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"

$`given_cipher_suites`[[12]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[13]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[14]]
[1] "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[15]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA256"

$`given_cipher_suites`[[16]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[17]]
[1] "TLS_RSA_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[18]]
[1] "TLS_RSA_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[19]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"

$`given_cipher_suites`[[20]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"

$`given_cipher_suites`[[21]]
[1] "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"

$`given_cipher_suites`[[22]]
[1] "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"

$`given_cipher_suites`[[23]]
[1] "TLS_RSA_WITH_3DES_EDE_CBC_SHA"

$`given_cipher_suites`[[24]]
[1] "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

$`given_cipher_suites`[[25]]
[1] "TLS_RSA_WITH_RC4_128_SHA"

$`given_cipher_suites`[[26]]
[1] "TLS_RSA_WITH_RC4_128_MD5"


$ephemeral_keys_supported
[1] TRUE

$session_ticket_supported
[1] FALSE

$tls_compression_supported
[1] FALSE

$unknown_cipher_suite_supported
[1] FALSE

$beast_vuln
[1] FALSE

$able_to_detect_n_minus_one_splitting
[1] FALSE

$insecure_cipher_suites
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`
$insecure_cipher_suites$`TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"


$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA
$insecure_cipher_suites$TLS_RSA_WITH_3DES_EDE_CBC_SHA[[1]]
[1] "uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"


$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_MD5[[1]]
[1] "uses RC4 which has insecure biases in its output"


$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA
$insecure_cipher_suites$TLS_RSA_WITH_RC4_128_SHA[[1]]
[1] "uses RC4 which has insecure biases in its output"



$tls_version
[1] "TLS 1.2"

$rating
[1] "Bad"

Answer 1

Отвечая на мой вопрос на основе комментария от @hrbrmstr выше.

Итак, похоже, что ваш RCurl был собран с почти 4-летней версией libcurl, и это последний RCurl на CRAN (1.95-4.11)

Я решил переключиться с RCurl на httr и сразу получил результат, то есть теперь я могу загружать данные с нужного ftp-сервера.

Я сравнил вывод RCurl::listCurlOptions() с httr::httr_options(), что позволило мне легче найти правильные имена переменных для использования в параметрах curl.

Надеюсь, этот ответ поможет другим, кто сталкивается с такими же проблемами с RCurl.