Graphic Equaliser
Posts posted by Graphic Equaliser
Thanks for all your help Angus. Actually, that last example was the latest downloaded OverbyteIcsSslFtpTst.exe (dated 14/8/2023 11:44, version 1) from the demo apps on the Overbyte website. I suspect there may be a bug in it. When I issue Prot P after the error occurs, and then request a directory listing, I get this :-
> PROT P
< 200 Protection level set to P
Request 52 Done.
StatusCode = 200
LastResponse was : '200 Protection level set to P'
No error
Executing Requested Command
> PASV
< 227 Entering Passive Mode (85,13,217,130,11,119)
! Passive connection requested to: 85.13.217.130:2935, control channel: 85.13.217.130
> LIST
< 150 About to start data transfer.
! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
< 425 Unable to build data connection: TLS session of data connection not resumed.
! Data Session closed
! Local File Stream Closed
! RETR/LIST/NLST Failed
Request 7 Done.
StatusCode = 425
LastResponse was : '425 Unable to build data connection: TLS session of data connection not resumed.'
Error = 425 (425 Unable to build data connection: TLS session of data connection not resumed.) -
Yes, I can connect to your server. I can also connect to my server, but then I have problems getting a directory listing. I get this :-
Winsock version 2.2
WinSock 2.0
Running
Executing Requested Command
< 220-FileZilla Server 1.8.1
< 220 Please visit https://filezilla-project.org/
Session Connected, error = 0
> AUTH TLS
< 234 Using authentication type TLS.
! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
> USER RSM.User
< 331 Please, specify the password.
> PASS *****
< 230 Login successful.
> CWD /wwwroot
< 250 CWD command successful
> PASV
< 227 Entering Passive Mode (85,13,217,130,8,155)
! Passive connection requested to: 85.13.217.130:2203, control channel: 85.13.217.130
> LIST
! Data Session closed
! Local File Stream Closed
< 425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.
Request 11 Done.
StatusCode = 425
LastResponse was : '425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.'
Error = 425 (425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.) -
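A small triage script for the two 425 failures in the logs above, as an added example that is not part of the original posts or of ICS: it decodes the PASV reply and tracks the PROT state to tell a missing PROT P apart from a data connection whose TLS session was not resumed. The function names and the stitched sample log are assumptions of this example.

```python
import re

# Constructed sample: reply lines stitched together from the logs quoted above.
SAMPLE_LOG = """\
> AUTH TLS
< 234 Using authentication type TLS.
> PASV
< 227 Entering Passive Mode (85,13,217,130,8,155)
> LIST
< 425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.
> PROT P
< 200 Protection level set to P
> PASV
< 227 Entering Passive Mode (85,13,217,130,11,119)
> LIST
< 425 Unable to build data connection: TLS session of data connection not resumed.
"""

PASV_RE = re.compile(r"^< 227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
def decode_pasv(line):
    """Return (ip, port) from a 227 reply, or None; port = p1*256 + p2 (RFC 959)."""
    m = PASV_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def triage(log):
    """Walk a client log ('>' sent, '<' received) and return (kind, detail) findings."""
    findings, tls_control, prot, last_cmd = [], False, "C", ""  # PROT defaults to C (RFC 4217)
    for line in log.splitlines():
        if line.startswith("> "):
            last_cmd = line[2:].strip().upper()
        elif line.startswith("< 234"):
            tls_control = True            # AUTH TLS accepted: control channel is secured
        elif line.startswith("< 200") and last_cmd.startswith("PROT "):
            prot = last_cmd.split()[1]    # server confirmed the new protection level
        elif line.startswith("< 227"):
            findings.append(("pasv", decode_pasv(line)))
        elif line.startswith("< 425"):
            if tls_control and prot != "P":
                findings.append(("prot", "data channel is PROT C: send PROT P before the transfer"))
            elif "not resumed" in line:
                findings.append(("resume", "data connection did not resume the control channel's TLS session"))
            else:
                findings.append(("other", line[2:]))
    return findings
```

The decoded ports agree with the "Passive connection requested to" lines in both logs (2203 and 2935).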
Thanks Angus. I couldn't see anything my end. When I used the IcsSSLFTPTst.exe demo app, I get this on Connect :-
Winsock version 2.2
WinSock 2.0
Running
Executing Requested Command
< 220-ics.ftptest.org
<
< 220-ICS TFtpServer (c) 1998-2023 F. Piette V9.1
< 220 Server: MAGPUB5 at 2024-03-05T10:34:54
Session Connected, error = 0
> AUTH TLS
< 234 Using authentication type TLS
! Init SSL failed Unsupported OpenSSL version (0x1000220F) !
Supported versions are 0x0090805F - 0x0090805F
FileName: C:\ics_ssl_demos\LIBEAY32.DLL
Request 5 Done.
StatusCode = 550
LastResponse was : '550 Unsupported OpenSSL version (0x1000220F) !
Supported versions are 0x0090805F - 0x0090805F
FileName: C:\ics_ssl_demos\LIBEAY32.DLL'
Error = 550 (550 Unsupported OpenSSL version (0x1000220F) !
Supported versions are 0x0090805F - 0x0090805F
FileName: C:\ics_ssl_demos\LIBEAY32.DLL)
Command Failure -
Angus - thank you - 1.0.2 openssl and ICSv7 work with modern TLSv1.2 servers, except the server is doing something weird and I can't pinpoint it. I can't get as far as the username and password, so can you "sniff" anything different on it, at the AUTH TLS stage? The address is ns130.askia.com on port 5022 using FTP and auth TLS.
-
But nothing beyond V7 compiles as a component in BCB5, so I'm stuck! Help! Is there anyone who can get the later Pascal code to compile into a BCB5 installation package (.bpk file)?
-
535 SSL handshake failed. Error #1
FileDescription=ICS Components for BCB5
FileVersion=2.0.0.22
Files dated 19/10/2008 16:38:46
-
The CipherList property already contains "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" which looks pretty weak by today's standards. What should I use in its place nowadays with TLSv1.2?
-
Thanks for the reply Angus. Please could you indicate the format of the CipherList string for these 2 ciphers :-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS
-
I am not sure of what I'm doing and was hoping for some pointers to connect to a TLSv1.2 only FTP server. I am using Borland C++ Builder 5 (I know - it's ancient) and these versions of the components and OpenSSL :-
CompanyName=OverByte (F. Piette)
FileDescription=ICS Components for BCB5
FileVersion=2.0.0.22
InternalName=IcsBcb50
LegalCopyright=(c) 1997-2000 by François PIETTE
OpenSSL libeay32.dll and ssleay32.dll version 1.0.2zg (v 1.0.2.32)
I am not sure what SslContext2->CipherList should be - I currently have "-ALL:+TLSv1.2:+TLSv1.3:HIGH"
My sequence of ICS function calls (where mjftp is the FtpCli component) is :-
mjftp->HostName="ns130.askia.com";
mjftp->UserName="RSM.user";
mjftp->PassWord="xxxxx";
mjftp->Port="5022";
mjftp->SslType=sslTypeAuthTls;
if (!mjftp->Open()) return "**ERROR** MJFTP Open Failed - "+mjftp->LastResponse;
if (!mjftp->Auth()) return "**ERROR** MJFTP Auth Failed - "+mjftp->LastResponse;
if (!mjftp->User()) return "**ERROR** MJFTP USER Failed - "+mjftp->LastResponse;
if (!mjftp->Pass()) return "**ERROR** MJFTP PASS Failed - "+mjftp->LastResponse;
...
but it always comes back with "**ERROR** MJFTP Auth Failed - 535 SSL handshake failed. Error #1"
What am I doing wrong?
AUTH TLS fails every time!
in ICS - Internet Component Suite
Posted · Edited by Graphic Equaliser
When I connect with FileZilla client, it presents me with this certificate, and connects if I accept it :-