What is the problem you are having with rclone?
Not being able to ls to Dell ECS Storage (S3) - remote error: tls: handshake failure
What is your rclone version (output from rclone version
)
rclone v1.55.0
- os/type: linux
- os/arch: amd64
- go/version: go1.16.2
- go/linking: static
- go/tags: cmount
Which OS you are using and how many bits (eg Windows 7, 64 bit)
CentOS Linux release 7.7.1908 (Core)
Linux XXXXX 3.10.0-1062.9.1.el7.x86_64 #1 SMP Fri Dec 6 15:49:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Which cloud storage system are you using? (eg Google Drive)
Dell ECS
The command you were trying to run (eg rclone copy /tmp remote:tmp
)
rclone -vv ls ecs:XXXXXXX
The rclone config contents with secrets removed.
[ecs]
type = s3
provider = Other
env_auth = false
access_key_id = XXXXXXXXXX
secret_access_key = XXXXXXXXXXXXX
endpoint = XXXXXXXX
acl = private
A log from the command with the -vv
flag
[XXXXXX@XXXXXX ~]$ rclone -vv ls ecs:/YYYYYYYY/ZZZZZZZZZ
2021/04/23 19:38:28 DEBUG : Using config file from "/XXXXXXXX/.config/rclone/rclone.conf"
2021/04/23 19:38:28 DEBUG : rclone: Version "v1.55.0" starting with parameters ["rclone" "-vv" "ls" "ecs:/YYYYYYYY/ZZZZZZZZ"]
2021/04/23 19:38:28 DEBUG : Creating backend with remote "ecs:/YYYYYYY/ZZZZZZZ"
2021/04/23 19:38:28 DEBUG : fs cache: renaming cache item "ecs:/YYYYYYYY/ZZZZZZZ" to be canonical "ecs:YYYYYYYY/ZZZZZZZZ"
2021/04/23 19:38:28 DEBUG : 2 go routines active
2021/04/23 19:38:28 Failed to ls: RequestError: send request failed
caused by: Get "https://XXXXXXX/YYYYYYYYYY?delimiter=&max-keys=1000&prefix=ZZZZZZZZ%2F": remote error: tls: handshake failure
I tried with different buckets, getting the same result.
Found at htt ps://forum.rclone.org/t/tls-version-for-rclone-1-50-1/15018 rclone uses go to connect
I found at htt ps://stackoverflow.com/questions/41250665/go-https-client-issue-remote-error-tls-handshake-failure someone with the same error message so I tried with openssl, and got:
$ openssl s_client -connect XXXXXXXX:443
...
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 608333D0B43B84A06B296217791ABE8DE5D81B4185954FB4F8D8421D193C8A4C
Session-ID-ctx:
Master-Key: XXXXXXXXX
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1619211216
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
And the solution talks something about the cipher.
So, looked for the ciphers implemented in go. And found them at htt ps://golang.org/pkg/crypto/tls/ and couldn't find the one mentioned by openssl
Looked for the supported ciphers so found a script that gave me the ones supported by openssl:
[XXXXXX@XXXXXXX ~]$ ./test_ciphers XXXXXXXX:443
Obtaining cipher list from OpenSSL 1.0.2k-fips 26 Jan 2017.
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing AES256-SHA256...NO (sslv3 alert handshake failure)
Testing AES256-SHA...NO (sslv3 alert handshake failure)
Testing CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES256-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-SHA...NO (sslv3 alert handshake failure)
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES128-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing IDEA-CBC-SHA...NO (sslv3 alert handshake failure)
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-SHA...NO (no ciphers available)
Testing KRB5-DES-CBC3-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-MD5...NO (no ciphers available)
Testing KRB5-DES-CBC3-MD5...NO (no ciphers available)
Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing PSK-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-MD5...NO (no ciphers available)
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)
Found at htt ps://testssl.sh/openssl-iana.mapping.html a way to translate openssl cipher names to iana names, and didn't help since the ones reported by openssl, converted to iana, where also not found.
I think go doesn't include the ciphers I need.
Could someone help me find a solution to be able to connect to our object storage?
Thank you in advance.