
Quarks

Posts posted by Quarks


  1. 8 hours ago, Fr0sT.Brutal said:

    Why don't you bench your FastCopy code against Windows copy on a 4 Gb file and see if it's really worth trying?

    I did; it's pretty much the same as FastCopy transfer performance, except when I am using a TeraCopy alternative called "KillCopy".

    In my test, KillCopy was able to exclusively use the available transfer bandwidth for local copy, so it managed to saturate the bandwidth that other Windows apps need for local transfer. This is problematic on a daily-use computer but will be useful when we are only doing backup/copy/move of files.

    According to Detect It Easy, KillCopy is perhaps written in Delphi, hence I am pursuing the solution here, because KillCopy seems to have been abandoned since 2006. Attempts to locate the author have failed; something big must have happened to the author.

    But somehow it manages to work in Windows 10.

     

    The benchmark result (local copy, partition to partition, GPT, HDD in a USB 3.1 external enclosure, consisting of pretty big files (5GB++)):

    KillCopy : 126 MBps
    TeraCopy : 90 MBps
    Ultracopier : 50 MBps
     
    When we need to transfer big files fast, a few extra bytes/kilobytes really make a difference.
     

     

    5 hours ago, Lars Fosdal said:

    Are you doing local copying or copying across the network?
     

     

    From empirical evidence, it seems to open files with read only, deny none. I've never experienced a sharing violation, and I have multiple concurrent clients that pull down changed .exe files from a central share.
     

     

    Local copy, haven't tried with network shares.


  2. Hi David, really glad to see you here. I just wanted to test it out myself for copying/moving large files (5GB+).

    I think using the 'normal' Windows API has problems with sharing its transfer/bandwidth with other apps in Windows.

    I wanted to get a sort of 'exclusive' transfer/bandwidth speed in Windows.

     

    Could you please give me example code for using your BufferedFileStream unit? Your help is really appreciated.


  3. Hello,

     

    Can anyone give example code in Delphi using the units BufferedFileStream & FastCopy to copy and paste a file?

    My current Delphi newbie code:
     

    { FastCopyFile implementation }
    function FastCopyFile(const ASourceFileName, ADestinationFileName: TFileName;
      CopyMode: TFastCopyFileMode;
      Callback: TFastCopyFileNormalCallback;
      Callback2: TFastCopyFileMethodCallback): Boolean; overload;
    const
      BUFFER_SIZE = 524288; // 512KB blocks, change this to tune your speed
    
    var
      Buffer: array of Byte;
      ASourceFile, ADestinationFile: THandle;
      FileSize, BytesRead, BytesWritten, BytesWritten2, TotalBytesWritten,
      CreationDisposition: Int64;
      CanContinue, CanContinueFlag: Boolean;
      BFS: TBaseCachedFileStream;
    
    begin
      FileSize := 0;
      TotalBytesWritten := 0;
      CanContinue := True;
      SetLength(Buffer, BUFFER_SIZE);
    
      // Manage the Creation Disposition flag
      CreationDisposition := CREATE_ALWAYS;
      if CopyMode = fcfmAppend then
        CreationDisposition := OPEN_ALWAYS;
    
      // Opening the source file in read mode
      ASourceFile := OpenLongFileName(ASourceFileName, GENERIC_READ, 0, OPEN_EXISTING);
      BFS := TBaseCachedFileStream.Create(ASourceFileName);
      if ASourceFile <> 0 then
      try
        FileSize := FileSeek(ASourceFile, 0, FILE_END);
        FileSeek(ASourceFile, 0, FILE_BEGIN);
    
        // Opening the destination file in write mode (in create/append state)
        ADestinationFile := OpenLongFileName(ADestinationFileName, GENERIC_WRITE,
          FILE_SHARE_READ, CreationDisposition);
    
        if ADestinationFile <> 0 then
        try
          // If append mode, jump to the file end
          if CopyMode = fcfmAppend then
            FileSeek(ADestinationFile, 0, FILE_END);
    
          // For each blocks in the source file
          while CanContinue and (LongWord(FileSeek(ASourceFile, 0, FILE_CURRENT)) < FileSize) do
          begin
    
            // Reading from source
            BFS.Read(Buffer[0],BUFFER_SIZE);
            if BytesRead <> 0 then
            begin
              // Writing to destination
              BFS.Write(Buffer[0],BUFFER_SIZE);
              //WriteFile(ADestinationFile, Buffer[0], BytesRead, BytesWritten, nil);
    
              // Read/Write secure code block (e.g. for WiFi connections)
              if BytesWritten < BytesRead then
              begin
                //WriteFile(ADestinationFile, Buffer[BytesWritten], BytesRead - BytesWritten, BytesWritten2, nil);
                BFS.Write(Buffer[BytesWritten],BUFFER_SIZE);
                Inc(BytesWritten, BytesWritten2);
                if BytesWritten < BytesRead then
                  RaiseLastOSError;
              end;
    
              // Notifying the caller for the current state
              Inc(TotalBytesWritten, BytesWritten);
              CanContinueFlag := True;
              if Assigned(Callback) then
                Callback(ASourceFileName, TotalBytesWritten, FileSize, CanContinueFlag);
              CanContinue := CanContinue and CanContinueFlag;
              if Assigned(Callback2) then
                Callback2(ASourceFileName, TotalBytesWritten, FileSize, CanContinueFlag);
              CanContinue := CanContinue and CanContinueFlag;
            end;
    
          end;
    
        finally
          CloseHandle(ADestinationFile);
        end;
    
      finally
        CloseHandle(ASourceFile);
      end;
    
      // Check if cancelled or not
      if not CanContinue then
        if FileExists(ADestinationFileName) then
          DeleteFile(ADestinationFileName);
    
      // Results (checking CanContinue flag isn't needed)
      Result := (FileSize <> 0) and (FileSize = TotalBytesWritten);
    end

    I wanted to incorporate both units, BufferedFileStream & FastCopy; any help is appreciated.

     

    The problem with the current FastCopy unit is that it is only able to copy and paste files below 4 GB in size. I want it to be able to copy files of practically unlimited size.


  4. Here is the log from OverbyteIcsXferTst:

    
    23:38:18:401 03/04/2020
    23:38:18:401 Connect/Logon to FTP Server: 127.0.0.1:5420
    23:38:18:401 23:38:18:401 Control DNS Lookup Done - 127.0.0.1
    23:38:18:402 23:38:18:402 02562470 Socket handle created handle=1780
    23:38:18:402 23:38:18:402 TWSocket will connect to 127.0.0.1:5420
    23:38:18:402 23:38:18:402 Control Socket Connect, error=0 to 127.0.0.1:5420
    23:38:18:402 < 220-Welcome to my Server
    23:38:18:402 < 220-
    23:38:18:402 < 220 ICS FTP Server ready.
    23:38:18:402 FTP Session Connected OK to: 127.0.0.1:5420
    23:38:18:402 23:38:18:402 Start command, Req=HostAsync - HOST [127.0.0.1]
    23:38:18:402 > HOST [127.0.0.1]
    23:38:18:402 23:38:18:402 02562470 PutDataInSendBuffer handle=1780 [9] Data:$4F48 $5453 $5B20 $3231 $2E37 $2E30 $2E30 $5D31 $A0D $00 $00 $00 $10 $264 $4B0 $02 $01 $00 
    23:38:18:404 < 220 HOST Ok, FTP Server ready.
    23:38:18:404 23:38:18:404 Start command, Req=AuthAsync - AUTH TLS
    23:38:18:404 > AUTH TLS
    23:38:18:404 23:38:18:404 02562470 PutDataInSendBuffer handle=1780 [10] Data:$5541 $4854 $5420 $534C $A0D $00 $00 $00 $6061 $271 
    23:38:18:405 < 234 Using authentication type TLS
    23:38:18:405 23:38:18:405 02562470 StartSslHandshake handle=1780
    23:38:18:405 23:38:18:405 02562470 InitSSLConnection handle=1780
    23:38:18:405 Check for Old SSL Session
    23:38:18:405 No Old SSL Session Cached
    23:38:18:405 23:38:18:405 02562470 Start Ssl ReadBIO
    23:38:18:405 23:38:18:405 02562470 ICB> SSL_handshake_start: where=00000010, state=before SSL initialization
    23:38:18:405 23:38:18:405 02562470 ICB> SSL_connect: before SSL initialization
    23:38:18:405 23:38:18:405 ProtoMsg: None, State: SSLv3/TLS write client hello, Send, DataLen: 5, Data= 160301019A
    23:38:18:405 23:38:18:405 ProtoMsg: TLS 1.3 Handshake: Client Hello, State: SSLv3/TLS write client hello, Send, DataLen: 410, Data
    23:38:18:405 23:38:18:405 02562470 ICB> SSL_connect: SSLv3/TLS write client hello
    23:38:18:405 23:38:18:405 02562470 BIO_read(nbio, 0x24F14C8, 0) = 0   [12] Data:
    23:38:18:406 23:38:18:406 02562470 TCustomSslWSocket.Do_FD_CLOSE error #0 handle=1780
    23:38:18:406 23:38:18:406 02562470 *CloseCalled handle=1780, State=SSLv3/TLS write client hello (TLS_ST_CW_Client_Hello), Err=error:00000000:lib(0):func(0):reason(0)
    23:38:18:406 23:38:18:406 02562470 SslHandshakeDone(1) Handle=1780. error:00000000:lib(0):func(0):reason(0), State: SSLv3/TLS write client hello, connection closed unexpectedly, session reused=False
    23:38:18:406  SSL Handshake Failed - error:00000000:lib(0):func(0):reason(0), State: SSLv3/TLS write client hello, connection closed unexpectedly
    23:38:18:406 23:38:18:406 02562470 TCustomWSocket.Shutdown 1 handle=1780
    23:38:18:406 23:38:18:406 02562470 FCloseInvoked=0 handle=1780, State=SSLv3/TLS write client hello
    23:38:18:406 23:38:18:406 Control Socket Closed, error=0
    23:38:18:406 FTP Session Closed
    23:38:18:406 23:38:18:406 02562470 ResetSslSession handle=1780
    
     
    
    

     

    From the server :

    
    03/04/2020 23:38:18 -  -  Disconnected
    03/04/2020 23:38:18 - > 127.0.0.1 234 Using authentication type TLS
    03/04/2020 23:38:18 -  -  AUTH C:\TEMP\TLS
    03/04/2020 23:38:18 - > 127.0.0.1 220 HOST Ok, FTP Server ready.
    03/04/2020 23:38:18 -  -  HOST C:\TEMP\[127.0.0.1]
    03/04/2020 23:38:18 -  -  Connected
    03/04/2020 23:38:10 - Successfully Started the FTP Server

     

    The TfrmMain.SSLFtpServer1Host code :

    
    procedure TfrmMain.SSLFtpServer1Host(Sender: TObject; Client: TFtpCtrlSocket;
      Host: TFtpString; var Allowed: Boolean);
    begin
    { HOST might be ftp.domain.com or [123.123.123.123]   }
        Allowed := true;
    end;
    
    


  5. Here is the log from FileZilla:

    
    23:16:31    Status:    Connecting to 127.0.0.1:5420...
    23:16:31    Status:    Connection established, waiting for welcome message...
    23:16:31    Response:    220-Welcome to my Server
    23:16:31    Response:    220-
    23:16:31    Response:    220 ICS FTP Server ready.
    23:16:31    Command:    AUTH TLS
    23:16:31    Response:    234 Using authentication type TLS
    23:16:31    Status:    Initializing TLS...
    23:16:31    Error:    GnuTLS error -110: The TLS connection was non-properly terminated.
    23:16:31    Status:    Server did not properly shut down TLS connection
    23:16:31    Status:    Connection attempt failed with "ECONNABORTED - Connection aborted".
    23:16:31    Error:    Could not connect to server
    23:16:31    Status:    Waiting to retry...
    
    

     

    From SmartFTP; the FTP server also logged the same for openssl s_client, FileZilla and SmartFTP:

    
    03/04/2020 23:19:41 -  -  Disconnected
    03/04/2020 23:19:41 - > 127.0.0.1 234 Using authentication type TLS
    03/04/2020 23:19:41 -  -  AUTH C:\TEMP\TLS
    03/04/2020 23:19:41 -  -  Connected
    
    

     

    So it's confirmed that it's from my FTP server. Searching through the ICS folder or my project files doesn't return a match for 'C:\TEMP' or 'TEMP'.

     

     


  6. I don't have a clue without someone checking the project out.

     

    No, openssl s_client does understand the explicit STARTTLS & FTP protocol; you can check the definition here:

     

    -starttls protocol

    Send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", "irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap".


  7. Thank you.

     

    New logging as follows:

    
    03/04/2020 20:31:37 -  -  Disconnected
    03/04/2020 20:31:37 - > 127.0.0.1 234 Using authentication type TLS
    03/04/2020 20:31:37 -  -  AUTH C:\TEMP\TLS
    03/04/2020 20:31:37 -  -  Connected
    03/04/2020 20:30:58 -  -  Disconnected
    03/04/2020 20:30:58 - > 127.0.0.1 234 Using authentication type TLS
    03/04/2020 20:30:58 -  -  AUTH C:\TEMP\TLS
    03/04/2020 20:30:58 -  -  Connected
    03/04/2020 20:30:20 - Successfully Started the FTP Server
    
    

     

    The code is simple :

     

    procedure TfrmMain.SSLFtpServer1AnswerToClient(Sender: TObject;
      Client: TFtpCtrlSocket; var Answer: TFtpString);
    begin
        Logit('> ' + Client.GetPeerAddr + ' ' + Answer)
    end;
    
    

    I could not quite figure out why there is an extra "C:\TEMP" in the client (or server?) replies.

     

    Waiting for the IcsHosts secure FTP server sample.


  8. >> Improving your logging will help, you did not report the response or errors to commands received which is essential to error tracing with bad clients. 

    I don't know how to log the received commands; perhaps you could give me a pointer or sample code? Logging in to the ICS sample project using FileZilla or SmartFTP works fine.

     

    >>The latest ICS in SVN has FTP server improvements to simplify SSL configuration in the same way as the web and proxy servers two years ago using IcsHosts, but there is no sample to copy yet, you need to look at the multi-web server sample and see how that configures listeners and at http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_IcsHosts. 

    Thanks for the reminder. I am already using the latest and greatest SVN commit, but I don't use any proxy as these tests are only from the local range. Is that info also relevant to TSslFTPServer?

     

    About the ICS 8.64 release, will sslTLS_V1_3_SERVER and sslTLS_V1_3_CLIENT be finalized or completed before the final release?


  9. >> I have no idea how the openssl client tool works or why you are using it to test FTP, but 'AUTH C:\TEMP\TLS' is not a valid command, it should be 'AUTH TLS'. You have not shown what smartftp sent.

    I couldn't figure out why, either in the server or the client (FileZilla), it's sent or received as 'AUTH C:\TEMP\TLS'; SmartFTP just reports that it cannot connect, as if the server were down.

     

    >> Since the ICS sample works, you have missed something in your implementation but I can not debug your code. 

    The project was originally a normal plain non-secure FTP server, so I also think it may be missing something in the code. Currently I cannot quite pinpoint what is wrong.

    Rather than 'barking' at the same tree, I think I will re-base my project on the ICS sample project, which is already 'guaranteed' & designed to work.

     

    Thanks a lot for all your time.

     


  10. >> You don't log the IP address and port your server is using, although your client says port 5420 which is not an SSL FTP port, so the server does not attempt to negotiate SSL. Using non standard ports for SSL requires extra code.  V8.64 has a new Option ftpsAuthForceSsl that might do it simply.

    Using the normal FTP port 21 does the same thing with openssl s_client and FileZilla/SmartFTP. I have configured FileZilla/SmartFTP to do explicit AUTH TLS. Can you tell me which event or part the extra code belongs in, so I can make a comparison with the ICS project? I already tried the 'ftpsAuthForceSsl' option but it doesn't make any difference :-(.

     

    >> Not sure why you are testing an FTP servers with a non-FTP client that does not send the correct protocol. 

     

    The command below sends the correct explicit TLS protocol: it first connects with the plain-text FTP protocol until "AUTH TLS"; you can search the internet about it. It is normally used for testing TLS servers. The specified ftp part is the protocol specification for FTP testing, not a port. (Using it on the ICS sample project works perfectly.)

    openssl s_client -connect 127.0.0.1:5420 -starttls ftp

    The same thing from FileZilla or SmartFTP:

    
    16:25:37    Status:    Connecting to 127.0.0.1:5420...
    16:25:37    Status:    Connection established, waiting for welcome message...
    16:25:37    Status:    Initializing TLS...
    16:25:37    Error:    GnuTLS error -110: The TLS connection was non-properly terminated.
    16:25:37    Status:    Server did not properly shut down TLS connection
    16:25:37    Status:    Connection attempt failed with "ECONNABORTED - Connection aborted".
    16:25:37    Error:    Could not connect to server
    16:25:37    Status:    Waiting to retry...
    
    

  11. What I am trying to achieve is just a simple FTPd with only TLS v1.2 working.

    The original ICS sample works fine with the same component parameters that I copied from it, but my project somehow doesn't, with the same certificates, key and CA.

     

    I just tried generating my own self-signed certificate, key and CA, but the same thing happened. I used the ..\ICS\Samples\Delphi\SslInternet\SslCerts\IcsSslBuildCerts.bat file.

     

    Currently, here is the log from Logit:

    
    02/04/2020 01:38:59 -  -  Disconnected
    02/04/2020 01:38:59 -  -  AUTH C:\TEMP\TLS
    02/04/2020 01:38:59 -  -  Connected
    02/04/2020 01:38:58 -  -  Disconnected
    02/04/2020 01:38:58 -  -  AUTH C:\TEMP\TLS
    02/04/2020 01:38:58 -  -  Connected
    02/04/2020 01:38:53 - Successfully Started the FTP Server
    02/04/2020 01:38:53 - FTP SSL Types : ftpAuthTls
    02/04/2020 01:38:53 - FTP SSL Types : ftpAuthSsl
    02/04/2020 01:38:53 - SSL Verify Peer :0
    02/04/2020 01:38:53 - SSL CA File :\
    02/04/2020 01:38:53 - SSL Private List :ServerKey.pem
    02/04/2020 01:38:53 - SSL Certificate File :ServerCert.pem
    02/04/2020 01:38:53 - SSL Session Timeout :300s
    02/04/2020 01:38:53 - SSL Session Cache Modes : sslSESS_CACHE_SERVER
    02/04/2020 01:38:53 - SSL Maximum Version : : sslVerMax
    02/04/2020 01:38:53 - SSL Minimum Version : : sslVerTLS1_2
    02/04/2020 01:38:53 - OPENSSLDIR: "C:\Program Files\Common Files\SSL"
    02/04/2020 01:38:53 - platform: VC-WIN64A-rtt
    02/04/2020 01:38:53 - built on: Tue Mar 17 20:12:47 2020 UTC
    02/04/2020 01:38:53 - compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM
    02/04/2020 01:38:53 - OpenSSL 1.1.1e  17 Mar 2020
    02/04/2020 01:38:53 -         Running
    02/04/2020 01:38:53 -         WinSock 2.0
    02/04/2020 01:38:53 -         Version 2.2
    02/04/2020 01:38:53 -     Winsock:
    02/04/2020 01:38:53 -     TFtpServer (c) 1998-2020 F. Piette V8.64 
    02/04/2020 01:38:53 -     TWSocket (c) 1996-2020 Francois Piette V8.64 
    02/04/2020 01:38:53 - Using:
    02/04/2020 01:38:53 - SslFtpServ (c) 1998-2020 F. Piette V8.64
    
    

     

    From the openssl client :

    
    openssl s_client -connect 127.0.0.1:5420 -starttls ftp
    CONNECTED(00000164)
    write:errno=0
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 94 bytes and written 303 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    
    


  12. @Angus Robertson

    Thank you for taking a look at my thread. That's the problem: TIcsLogger doesn't work on my side, showing "Integer Overflow" when starting the x64 server.

     

    >>What SSL certificate are you using, and what intermediate, since you are setting SslCaFile.  But servers don't use SslCAPath.

    The 01cert.pem, 01key.pem and cacert.pem are just the default ones from the ..\ICS\Samples\Delphi\SslInternet folder.

     

    I have also tried tinkering with the OpenSSL cipher list, and even accepting all ciphers with "ALL" still couldn't make it work.

     

    Also, after countless times tinkering with SslMinVersion & SslMaxVersion, still no dice; somehow it's as if ICS is ignoring my configuration/parameters :-(.

     

    If you have time, please take a look at my project. I am sure it is something simple, or worse, something in the code; upon comparing with Beyond Compare, I don't notice any big differences.


  13. I am currently confused about my secure FTP daemon in Delphi Rio, using ICS 8.6.4 from SVN.

     

    I have tried to mimic exactly the OverbyteIcsSslFtpServ example project (copying & pasting components, or manually copying and verifying them).

     

    The problem is my project doesn't understand the AUTH TLS handshake.

     

    When using openssl client, the result is :



    openssl s_client -connect 127.0.0.1:21 -starttls ftp
    CONNECTED(00000164)
    write:errno=0
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 94 bytes and written 303 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---


     

    As you can see above, my secure FTPd somehow isn't serving the TLS handshake.

     

    Perhaps my code below is relevant to why it doesn't work?

    
    procedure TfrmMain.StartServer;
    var
        wsi     : TWSADATA;
        SSLType : TFtpSslType;
        SSLVer  : TSslVerMethod;
        SSLCache : TSslSessCacheMode;
        SSLCachemodes : TSslSessCacheModes;
        MinSSLMethod :  TSslVerMethod;
        MaxSSLMethod :  TSslVerMethod;
        SSLTypeModes : TFtpSslTypes;
    begin
        { Display version info for program and use components }
        wsi := WinsockInfo;
        Logit(Trim(CopyRight));
        Logit('Using:');
        Logit('   ' + OverbyteIcsWSocket.CopyRight);
        Logit('   ' + OverbyteIcsFtpSrv.CopyRight);
        Logit('    Winsock:');
        Logit('        Version ' +
                Format('%d.%d', [WinsockInfo.wHighVersion shr 8,
                                 WinsockInfo.wHighVersion and 15]));
        Logit('        ' + String(StrPas(wsi.szDescription)));
        Logit('        ' + String(StrPas(wsi.szSystemStatus)));
    {$IFNDEF VER100}
        { A bug in Delphi 3 makes lpVendorInfo invalid }
        if wsi.lpVendorInfo <> nil then
            Logit('        ' + String(StrPas(wsi.lpVendorInfo)));
    {$ENDIF}
        { Set SSL properties, internal session caching enabled }
    //    SslContext1.SslVersionMethod            := sslV23_SERVER;
        //SslContext1.SslOptions                  := [sslOpt_NO_SSLv2]; //it's unsecure
        SslContext1.InitContext; //Pre-loads OpenSSL DLL's
        Logit(OpenSslVersion);
        Logit(OpenSslCompilerFlags);
        Logit(OpenSslBuiltOn);
        Logit(OpenSslPlatForm);
        Logit(OpenSslDir);
        frmMain.SslContext1.SslMinVersion       := sslVerTLS1_2;  { V8.37}
        frmMain.SslContext1.SslMaxVersion       := sslVerMax;   { V8.37}
        frmMain.SslContext1.SslCipherList       := CipherListEdit.Text;
    
        frmMain.SslContext1.SslDHParamFile       := DHParamEdit.Text;
    
        { Enables OpenSsl's internal session caching }
        frmMain.SslContext1.SslSessionCacheModes        := [sslSESS_CACHE_SERVER];
        frmMain.SslContext1.SslSessionTimeout           := 300; //sec
        frmMain.SslContext1.SslDefaultSessionIDContext  := 'AnyStringForSessionCaching';
    
        frmMain.SslContext1.SslCertFile                 := CertFileEdit.Text;
        frmMain.SslContext1.SslPassPhrase               := PassPhraseEdit.Text;
        frmMain.SslContext1.SslPrivKeyFile              := PrivKeyFileEdit.Text;
        frmMain.SslContext1.SslCAFile                   := CAFileEdit.Text;
        frmMain.SslContext1.SslCAPath                   := CAPathEdit.Text;
        frmMain.SslContext1.SslVerifyPeer               := VerifyPeerCheckBox.Checked;
        frmMain.SslFtpServer1.FtpSslTypes               := [ftpAuthTls, ftpAuthSsl];
    
        { Use a custom multiline banner }
        //frmMain.SslFtpServer1.Banner := '';
        frmMain.SslFtpServer1.Banner := '220-Welcome to my Server' + #13#10 +
                                '220-' + #13#10 +
                                '220 ICS FTP Server ready.';
        frmMain.SslFtpServer1.Addr   := ServIpAddr.Text;  { V8.37 }
        frmMain.SslFtpServer1.Port   := FPortEdit.Text;
        frmMain.SslFtpServer1.Start;
        MinSSLMethod := frmMain.SslContext1.SslMinVersion;
        MaxSSLMethod := frmMain.SslContext1.SslMaxVersion;
        for SSLVer := sslVerSSL3 to sslVerMax do
        begin
        If SSLVer = MinSSLMethod then Logit('SSL Minimum Version : : ' + GetEnumName(TypeInfo(TSslVerMethod), Ord(MinSSLMethod)));
        end;
    
        for SSLVer := sslVerSSL3 to sslVerMax do
        begin
        If SSLVer = MaxSSLMethod then Logit('SSL Maximum Version : : ' + GetEnumName(TypeInfo(TSslVerMethod), Ord(MaxSSLMethod)));
        end;
        //Logit('SSL Minimum Version :' + String(frmMain.SslContext1.ToString) );
        //Logit('SSL Maximum Version :' + ToString(frmMain.SslContext1.) );
    
        SSLCacheModes := frmMain.SslContext1.SslSessionCacheModes;
        for SSLCache := sslSESS_CACHE_CLIENT to sslSESS_CACHE_NO_INTERNAL_STORE do
        begin
        If SSLCache in SSLCacheModes then Logit('SSL Session Cache Modes : ' + GetEnumName(TypeInfo(TSslSessCacheMode), Ord(SSLCache)));
        end;
        Logit('SSL Session Timeout :' + UIntToStr(frmMain.SslContext1.SslSessionTimeout) + 's' );
        Logit('SSL Certificate File :' + frmMain.SslContext1.SslCertFile );
        Logit('SSL Private List :' + frmMain.SslContext1.SslPrivKeyFile );
        Logit('SSL CA File :' + frmMain.SslContext1.SslCAPath + '\' + frmMain.SslContext1.SslCAFile );
        Logit('SSL Verify Peer :' + BoolToStr(frmMain.SslContext1.SslVerifyPeer) );
        SSLTypeModes := frmMain.SslFtpServer1.FtpSslTypes;
        for SSLType := ftpAuthSsl to ftpImplicitSsl do
        begin
        If SSLType in SSLTypeModes then Logit('FTP SSL Types : ' + GetEnumName(TypeInfo(TFtpSslType), Ord(SSLType)));
        end;
    
        Logit('Successfully Started the FTP Server');
    end;
    
    

     

    Full project files are attached below. I have spent more than 10 hours trying to debug it, but no matter what I have tried, it doesn't serve TLS.

     

     

    Simple FTP Server_send.rar
