Everything posted by Graphic Equaliser
I am not sure of what I'm doing and was hoping for some pointers to connect to a TLSv1.2 only FTP server. I am using Borland C++ Builder 5 (I know - it's ancient) and these versions of the components and OpenSSL :-

    CompanyName=OverByte (F. Piette)
    FileDescription=ICS Components for BCB5
    FileVersion=2.0.0.22
    InternalName=IcsBcb50
    LegalCopyright=(c) 1997-2000 by François PIETTE

OpenSSL libeay32.dll and ssleay32.dll version 1.0.2zg (v 1.0.2.32)

I am not sure what SslContext2->CipherList should be - I currently have "-ALL:+TLSv1.2:+TLSv1.3:HIGH"

My sequence of ICS function calls (where mjftp is the FtpCli component) is :-

    mjftp->HostName="ns130.askia.com";
    mjftp->UserName="RSM.user";
    mjftp->PassWord="xxxxx";
    mjftp->Port="5022";
    mjftp->SslType=sslTypeAuthTls;
    if (!mjftp->Open()) return "**ERROR** MJFTP Open Failed - "+mjftp->LastResponse;
    if (!mjftp->Auth()) return "**ERROR** MJFTP Auth Failed - "+mjftp->LastResponse;
    if (!mjftp->User()) return "**ERROR** MJFTP USER Failed - "+mjftp->LastResponse;
    if (!mjftp->Pass()) return "**ERROR** MJFTP PASS Failed - "+mjftp->LastResponse;
    ...

but it always comes back with "**ERROR** MJFTP Auth Failed - 535 SSL handshake failed. Error #1"

What am I doing wrong?
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
When I connect with FileZilla client, it presents me with this certificate, and connects if I accept it :-
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Thanks for all your help Angus. Actually, that last example was the latest downloaded OverbyteIcsSslFtpTst.exe (dated 14/8/2023 11:44, version 1) from the demo apps on the Overbyte website. I suspect there may be a bug in it. When I issue Prot P after the error occurs, and then request a directory listing, I get this :-

    > PROT P
    < 200 Protection level set to P
    Request 52 Done.
    StatusCode = 200
    LastResponse was : '200 Protection level set to P'
    No error
    Executing Requested Command
    > PASV
    < 227 Entering Passive Mode (85,13,217,130,11,119)
    ! Passive connection requested to: 85.13.217.130:2935, control channel: 85.13.217.130
    > LIST
    < 150 About to start data transfer.
    ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
    SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
    < 425 Unable to build data connection: TLS session of data connection not resumed.
    ! Data Session closed
    ! Local File Stream Closed
    ! RETR/LIST/NLST Failed
    Request 7 Done.
    StatusCode = 425
    LastResponse was : '425 Unable to build data connection: TLS session of data connection not resumed.'
    Error = 425 (425 Unable to build data connection: TLS session of data connection not resumed.)
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Yes, I can connect to your server. I can also connect to my server, but then I have problems getting a directory listing. I get this :-

    Winsock version 2.2
    WinSock 2.0
    Running
    Executing Requested Command
    < 220-FileZilla Server 1.8.1
    < 220 Please visit https://filezilla-project.org/
    Session Connected, error = 0
    > AUTH TLS
    < 234 Using authentication type TLS.
    ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
    SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
    > USER RSM.User
    < 331 Please, specify the password.
    > PASS *****
    < 230 Login successful.
    > CWD /wwwroot
    < 250 CWD command successful
    > PASV
    < 227 Entering Passive Mode (85,13,217,130,8,155)
    ! Passive connection requested to: 85.13.217.130:2203, control channel: 85.13.217.130
    > LIST
    ! Data Session closed
    ! Local File Stream Closed
    < 425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.
    Request 11 Done.
    StatusCode = 425
    LastResponse was : '425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.'
    Error = 425 (425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.)
-
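Added example (not part of the original post and not ICS code): a small Python check over an FTPS control-channel transcript in the format shown above, which decodes the PASV reply and flags a data command sent after AUTH TLS without PROT P. The transcript is constructed for illustration, and the names pasv_endpoint and audit are assumptions of this example.

```python
import re

# Constructed transcript modelled on the session quoted above
# ('>' client command, '<' server reply); the user name is a placeholder.
SAMPLE = """\
> AUTH TLS
< 234 Using authentication type TLS.
> USER demo
< 331 Please, specify the password.
> PASS *****
< 230 Login successful.
> PASV
< 227 Entering Passive Mode (85,13,217,130,8,155)
> LIST
< 425 PROT C is not allowed when the control connection is secure. Use PROT P.
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}


def pasv_endpoint(reply):
    """Decode a 227 reply: four address octets, then port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no PASV tuple in reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("PASV field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def audit(transcript):
    """List data commands sent on a TLS control channel without PROT P."""
    secure, prot, pending, findings = False, "C", "", []  # data level starts Clear
    for line in (raw.strip() for raw in transcript.splitlines()):
        if line.startswith(">"):
            pending = line[1:].strip().upper()
            verb = pending.partition(" ")[0]
            if verb in DATA_CMDS and secure and prot != "P":
                findings.append(f"{verb} sent with PROT {prot} on a TLS control channel")
        elif line.startswith("<"):
            code = line[1:].strip()[:3]
            if pending.startswith("AUTH TLS") and code == "234":
                secure = True   # control channel is upgraded from here on
            elif pending.startswith("PROT ") and code == "200":
                prot = pending.split()[1]
    return findings
```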
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Thanks Angus. I couldn't see anything my end. When I used the IcsSSLFTPTst.exe demo app, I get this on Connect :-

    Winsock version 2.2
    WinSock 2.0
    Running
    Executing Requested Command
    < 220-ics.ftptest.org
    <
    < 220-ICS TFtpServer (c) 1998-2023 F. Piette V9.1
    < 220 Server: MAGPUB5 at 2024-03-05T10:34:54
    Session Connected, error = 0
    > AUTH TLS
    < 234 Using authentication type TLS
    ! Init SSL failed Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL
    Request 5 Done.
    StatusCode = 550
    LastResponse was : '550 Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL'
    Error = 550 (550 Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL)
    Command Failure
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Angus - thank you - 1.0.2 openssl and ICSv7 work with modern TLSv1.2 servers, except the server is doing something weird and I can't pinpoint it. I can't get as far as the username and password, so can you "sniff" anything different on it, at the AUTH TLS stage? The address is ns130.askia.com on port 5022 using FTP and auth TLS.
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
But nothing beyond V7 compiles as a component in BCB5, so I'm stuck! Help! Is there anyone who can get the later Pascal code to compile into a BCB5 installation package (.bpk file)?
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
535 SSL handshake failed. Error #1

    FileDescription=ICS Components for BCB5
    FileVersion=2.0.0.22

Files dated 19/10/2008 16:38:46
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
The CipherList property already contains "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" which looks pretty weak by today's standards. What should I use in its place nowadays with TLSv1.2?
-
AUTH TLS fails every time!
Graphic Equaliser replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Thanks for the reply Angus. Please could you indicate the format of the CipherList string for these 2 ciphers :-

    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS