EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SBSimpleFTPS using correct cipher suite

#14691
Posted: 10/14/2010 04:05:09
by Jim Sartorius (Basic support level)
Joined: 10/14/2010
Posts: 1

Hello,

I am using a trial version of SecureBlackbox to connect to an SSL FTP server, to test if I can use EldoS for this.

However, I keep getting an "Error occured while enabling SSL/TLS on command channel" error message (on the .login command).

I had the logfiles of the FTP server checked, and they informed me I was using the incorrect cipher suite.

The allowed suites are:
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA

I do not know if this is an "official" name. I tried

(client being a SBSimpleFTPS.TElSimpleFTPSClient)

For i As Short = 0 To SBConstants.Unit.SB_SUITE_LAST
    client.CipherSuites(i) = False
Next

' enable only the allowed suites
client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_3DES_EDE_CBC_SHA) = True
client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_AES128_CBC_SHA) = True
client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_AES256_CBC_SHA) = True

I also tried this with

SBConstants.Unit.SB_SUITE_ECDH_RSA_3DES_EDE_CBC_SHA
SBConstants.Unit.SB_SUITE_ECDH_RSA_AES128_CBC_SHA
SBConstants.Unit.SB_SUITE_ECDH_RSA_AES256_CBC_SHA

Assuming my code is correct, which of the SBConstants are the same as the allowed suites (I do not know what ECDH or ECDHE means)?
Or are the required cipher suites not supported by SBSimpleFTPS?

(and, if the cipher suites _are_ the same, is it possible to get more information from the SBSimpleFTPS about what is going wrong?)

Thanks,
Jim Sartorius



Following is the code I have used to test this:


Sub TestSecureFtp()

    CertificateValidator.InitializeWinStorages()

    Dim store As New SBCustomCertStorage.TElMemoryCertStorage
    AddCertificateToStore(store, PublicKeyPath, "")
    AddCertificateToStore(store, MyPrivateKeyPath, "")

    Using client As New SBSimpleFTPS.TElSimpleFTPSClient
        client.Address = "ftp.xxx.com"
        client.Port = 6377
        client.PassiveMode = True
        client.Username = "xxx"
        client.Password = "xxx"

        client.ClientCertStorage = store

        '0 ttASCII ASCII data type
        '1 ttBinary Binary data type
        client.TransferType = SBSimpleFTPS.Unit.ttBinary

        AddHandler client.OnCertificateValidate, AddressOf OnCertificateValidateHandler
        AddHandler client.OnCertificateNeededEx, AddressOf OnCertificateNeededExHandler
        AddHandler client.OnSSLError, AddressOf OnSSLErrorHandler

        client.UseSSL = True

        'acAuto = 0 acAuto try to specify command supported by server automatically
        'acAuthTLS = 1 acAuthTLS use AUTH TLS command
        'acAuthSSL = 2 acAuthSSL use AUTH SSL command
        'acAuthTLSC = 3 acAuthTLSC use AUTH TLS-C command (clear data channel)
        'acAuthTLSP = 4 acAuthTLSP use AUTH TLS-P command (protected data channel)
        client.AuthCmd = SBSimpleFTPS.Unit.acAuthTLSC

        '0 smImplicit implicit mode (SSL handshake is done after socket connection)
        '1 smExplicit explicit mode (AUTH command is used to switch to SSL mode)
        client.SSLMode = SBSimpleFTPS.Unit.smExplicit

        client.EncryptDataChannel = False

        client.Versions = SBConstants.Unit.sbSSL3 Or SBConstants.Unit.sbTLS1 Or SBConstants.Unit.sbTLS11

        ' disable all cipher suites
        For i As Short = 0 To SBConstants.Unit.SB_SUITE_LAST
            client.CipherSuites(i) = False
        Next

        ' enable only the allowed suites
        client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_3DES_EDE_CBC_SHA) = True
        client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_AES128_CBC_SHA) = True
        client.CipherSuites(SBConstants.Unit.SB_SUITE_ECDHE_RSA_AES256_CBC_SHA) = True

        ' open connection
        client.Open()

        Try
            client.Login()
        Catch ex As Exception
            MsgBox("Login error: " & ex.Message)
        End Try

    End Using

End Sub
#14692
Posted: 10/14/2010 07:40:59
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

All SSL ciphersuites are supported by the FTPS client. To find out more details about the problem, please add some logging to the OnSSLError event handler and also add handlers for the OnControlSend and OnControlReceive events (there you can log what's sent and what's received).

Also try letting the component connect with default cipher suites enabled.


Sincerely yours
Eugene Mayevski
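
Added example, not part of either post and not EldoS code: a small Python model of TLS cipher suite negotiation using the IANA code points for the suites named in this thread. It assumes the SB_SUITE_ECDHE_RSA_* and SB_SUITE_ECDH_RSA_* constants correspond to the identically named IANA suites, and that the server picks the first offered suite it allows; it shows that neither offer from the question overlaps the server's RSA key-exchange list.

```python
import struct

# IANA TLS cipher suite code points for the suites named in the thread.
IANA = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC00D: "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    0xC00F: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
CODE = {name: code for code, name in IANA.items()}

def key_exchange(name):
    """Return the key-exchange part of a suite name, e.g. 'RSA' or 'ECDHE_RSA'."""
    return name[len("TLS_"):].split("_WITH_")[0]

def encode_offer(names):
    """Build a ClientHello cipher_suites vector: 2-byte length, then 2 bytes per suite."""
    body = b"".join(struct.pack("!H", CODE[n]) for n in names)
    return struct.pack("!H", len(body)) + body

def decode_offer(vector):
    """Parse a cipher_suites vector back into a list of code points."""
    (length,) = struct.unpack_from("!H", vector, 0)
    if length % 2 or length != len(vector) - 2:
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", vector[2:])]

def negotiate(vector, server_allowed):
    """Return the first offered suite the server allows (assumed policy).
    None models the server aborting with handshake_failure."""
    allowed = {CODE[n] for n in server_allowed}
    for code in decode_offer(vector):
        if code in allowed:
            return IANA[code]
    return None

# Server list from the question, written with the registry's TLS_ prefix.
SERVER = [n for n in CODE if key_exchange(n) == "RSA"]
# The two client configurations tried in the question (constructed offers).
ECDHE_OFFER = [n for n in CODE if key_exchange(n) == "ECDHE_RSA"]
ECDH_OFFER = [n for n in CODE if key_exchange(n) == "ECDH_RSA"]

if __name__ == "__main__":
    for label, offer in (("ECDHE_RSA", ECDHE_OFFER), ("ECDH_RSA", ECDH_OFFER)):
        print(label, "->", negotiate(encode_offer(offer), SERVER))
```
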
