
Graphic Equaliser

Everything posted by Graphic Equaliser

  1. Graphic Equaliser

    AUTH TLS fails every time!

    I am not sure of what I'm doing and was hoping for some pointers to connect to a TLSv1.2 only FTP server. I am using Borland C++ Builder 5 (I know - it's ancient) and these versions of the components and OpenSSL :-

        CompanyName=OverByte (F. Piette)
        FileDescription=ICS Components for BCB5
        FileVersion=2.0.0.22
        InternalName=IcsBcb50
        LegalCopyright=(c) 1997-2000 by François PIETTE

    OpenSSL libeay32.dll and ssleay32.dll version 1.0.2zg (v 1.0.2.32)

    I am not sure what SslContext2->CipherList should be - I currently have "-ALL:+TLSv1.2:+TLSv1.3:HIGH"

    My sequence of ICS function calls (where mjftp is the FtpCli component) is :-

        mjftp->HostName="ns130.askia.com";
        mjftp->UserName="RSM.user";
        mjftp->PassWord="xxxxx";
        mjftp->Port="5022";
        mjftp->SslType=sslTypeAuthTls;
        if (!mjftp->Open()) return "**ERROR** MJFTP Open Failed - "+mjftp->LastResponse;
        if (!mjftp->Auth()) return "**ERROR** MJFTP Auth Failed - "+mjftp->LastResponse;
        if (!mjftp->User()) return "**ERROR** MJFTP USER Failed - "+mjftp->LastResponse;
        if (!mjftp->Pass()) return "**ERROR** MJFTP PASS Failed - "+mjftp->LastResponse;
        ...

    but it always comes back with "**ERROR** MJFTP Auth Failed - 535 SSL handshake failed. Error #1"

    What am I doing wrong?
  2. Graphic Equaliser

    AUTH TLS fails every time!

    When I connect with FileZilla client, it presents me with this certificate, and connects if I accept it :-
  3. Graphic Equaliser

    AUTH TLS fails every time!

  4. Graphic Equaliser

    AUTH TLS fails every time!

    Thanks for all your help Angus. Actually, that last example was the latest downloaded OverbyteIcsSslFtpTst.exe (dated 14/8/2023 11:44, version 1) from the demo apps on the Overbyte website. I suspect there may be a bug in it. When I issue Prot P after the error occurs, and then request a directory listing, I get this :-

        > PROT P
        < 200 Protection level set to P
        Request 52 Done.
        StatusCode = 200
        LastResponse was : '200 Protection level set to P'
        No error
        Executing Requested Command
        > PASV
        < 227 Entering Passive Mode (85,13,217,130,11,119)
        ! Passive connection requested to: 85.13.217.130:2935, control channel: 85.13.217.130
        > LIST
        < 150 About to start data transfer.
        ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
        SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
        < 425 Unable to build data connection: TLS session of data connection not resumed.
        ! Data Session closed
        ! Local File Stream Closed
        ! RETR/LIST/NLST Failed
        Request 7 Done.
        StatusCode = 425
        LastResponse was : '425 Unable to build data connection: TLS session of data connection not resumed.'
        Error = 425 (425 Unable to build data connection: TLS session of data connection not resumed.)
  5. Graphic Equaliser

    AUTH TLS fails every time!

    Yes, I can connect to your server. I can also connect to my server, but then I have problems getting a directory listing. I get this :-

        Winsock version 2.2
        WinSock 2.0
        Running
        Executing Requested Command
        < 220-FileZilla Server 1.8.1
        < 220 Please visit https://filezilla-project.org/
        Session Connected, error = 0
        > AUTH TLS
        < 234 Using authentication type TLS.
        ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
        SSL handshake done, error #0 - SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
        > USER RSM.User
        < 331 Please, specify the password.
        > PASS *****
        < 230 Login successful.
        > CWD /wwwroot
        < 250 CWD command successful
        > PASV
        < 227 Entering Passive Mode (85,13,217,130,8,155)
        ! Passive connection requested to: 85.13.217.130:2203, control channel: 85.13.217.130
        > LIST
        ! Data Session closed
        ! Local File Stream Closed
        < 425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.
        Request 11 Done.
        StatusCode = 425
        LastResponse was : '425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.'
        Error = 425 (425 Error while transfering data: PROT C is not allowed when the control connection is secure. Use PROT P.)
  6. Graphic Equaliser

    AUTH TLS fails every time!

    Thanks Angus. I couldn't see anything my end. When I used the IcsSSLFTPTst.exe demo app, I get this on Connect :-

        Winsock version 2.2
        WinSock 2.0
        Running
        Executing Requested Command
        < 220-ics.ftptest.org
        <
        < 220-ICS TFtpServer (c) 1998-2023 F. Piette V9.1
        < 220 Server: MAGPUB5 at 2024-03-05T10:34:54
        Session Connected, error = 0
        > AUTH TLS
        < 234 Using authentication type TLS
        ! Init SSL failed Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL
        Request 5 Done.
        StatusCode = 550
        LastResponse was : '550 Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL'
        Error = 550 (550 Unsupported OpenSSL version (0x1000220F) ! Supported versions are 0x0090805F - 0x0090805F FileName: C:\ics_ssl_demos\LIBEAY32.DLL)
        Command Failure
  7. Graphic Equaliser

    AUTH TLS fails every time!

    Angus - thank you - 1.0.2 openssl and ICSv7 work with modern TLSv1.2 servers, except the server is doing something weird and I can't pinpoint it. I can't get as far as the username and password, so can you "sniff" anything different on it, at the AUTH TLS stage? The address is ns130.askia.com on port 5022 using FTP and auth TLS.
  8. Graphic Equaliser

    AUTH TLS fails every time!

    But nothing beyond V7 compiles as a component in BCB5, so I'm stuck! Help! Is there anyone who can get the later Pascal code to compile into a BCB5 installation package (.bpk file)?
  9. Graphic Equaliser

    AUTH TLS fails every time!

    535 SSL handshake failed. Error #1

        FileDescription=ICS Components for BCB5
        FileVersion=2.0.0.22
        Files dated 19/10/2008 16:38:46
  10. Graphic Equaliser

    AUTH TLS fails every time!

    The CipherList property already contains "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" which looks pretty weak by today's standards. What should I use in its place nowadays with TLSv1.2?
  11. Graphic Equaliser

    AUTH TLS fails every time!

    Thanks for the reply Angus. Please could you indicate the format of the CipherList string for these 2 ciphers :-

        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS
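
The two suites named in the last post, written in OpenSSL cipher-list syntax and checked against the IANA ids quoted there. This is an added example, not code from the thread or from ICS: it uses Python's `ssl` module as a convenient front end to OpenSSL, and it assumes the ICS CipherList property is handed to OpenSSL unchanged. The helper names are hypothetical.

```python
import ssl

# OpenSSL names for the two suites in the post, with the IANA ids quoted there.
WANTED = {
    "ECDHE-RSA-AES256-GCM-SHA384": 0xC030,  # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    "ECDHE-RSA-AES128-GCM-SHA256": 0xC02F,  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}
# OpenSSL cipher lists are colon-separated, most preferred first.
CIPHER_LIST = ":".join(WANTED)

# Key-exchange labels OpenSSL reports for forward-secret suites.
FORWARD_SECRET_KEA = ("kx-ecdhe", "kx-dhe")


def build_context(cipher_list=CIPHER_LIST):
    """Client context limited to TLS 1.2+ and the given cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx


def tls12_suites(ctx):
    """Return {openssl_name: iana_id} for the enabled pre-TLS 1.3 suites.

    TLS 1.3 suites are skipped: the cipher list does not control them.
    """
    return {
        c["name"]: c["id"] & 0xFFFF  # low 16 bits are the IANA suite id
        for c in ctx.get_ciphers()
        if c["protocol"] != "TLSv1.3"
    }


def audit(cipher_list):
    """Names of enabled pre-TLS 1.3 suites that lack AEAD or forward secrecy."""
    weak = []
    for c in build_context(cipher_list).get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue
        if not c.get("aead") or c.get("kea") not in FORWARD_SECRET_KEA:
            weak.append(c["name"])
    return weak


if __name__ == "__main__":
    for name, suite_id in tls12_suites(build_context()).items():
        print(f"{name}  0x{suite_id:04x}")
    print("weak suites enabled:", audit(CIPHER_LIST))
```

`audit()` accepts any cipher-list string, so the same check shows which non-AEAD or non-forward-secret suites a broader string enables on the local OpenSSL build.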