EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Issue with TLS using SecureBlackBox FTPS

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#25617
Posted: 07/10/2013 15:21:49
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

I am having an issue connection to my SecureBlackBox FTPS instance using explicit FTP over TLS. This was working last month, but now I am seeing the error below:

Status: Connection established, waiting for welcome message...
Response: 220 FTP Dev Host running at IP: :21 Passive ports: 28 - 218
Command: AUTH TLS
Response: 234 Security data exchange complete.
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server

I haven't changed any code, so I'm not sure what is wrong. Any help would be appreciated.
#25619
Posted: 07/10/2013 17:19:48
by Ken Ivanov (EldoS Corp.)

Hello Tom,

Could you please give us a bit more information about the problem:

- Are there any errors reported by the server-side FTPS components?

- Did you upgrade your SecureBlackbox installation recently, or your application just suddenly stopped working without any apparent reason?
#25629
Posted: 07/11/2013 03:23:36
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Do you use version 9 or 10 of SecureBlackbox? As far as I remember somewhere in version 10 was fix related to GnuTLS/FTPSServer. Please try the latest build (if you are using the previous version).
#25645
Posted: 07/11/2013 09:22:55
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

I have not upgraded my version of SecureBlack box recently (last download was in April of this year)

I am running version 10.0.233.0 of the FTPS Server.

I am using the following assemblies:
SecureBlackbox.FTPS.dll
SecureBlackbox.FTPSServer.dll
SecureBlackbox.SSLCommon.dll
SecureBlackbox.SSLServer.dll

I was I had more details. I'm not seeing any errors when I debug through the server side code.

It spins up the server fine and gets to this method when I try to connect:
NewConnection(object sender, TElSimpleFTPSServerSessionThread session)

then I see this error on the client:
GnuTLS error -12: A TLS fatal alert has been received.
Could not connect to server

Can you recommend where I can look for more errors? I'm not seeing anything in event viewer.

My ClientFTP settings (FileZilla) are:

Host: 127.0.0.1
Port: 21
Protocol: FTP - File Transfer Protocol
Encryption: Require explicit FTP over TLS
Login Type: Normal
I am setting a username and password.
#25646
Posted: 07/11/2013 09:40:09
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

I also recalled another problem with FileZilla/GnuTLS which requires SBB 11.
Please try to set maximum TLS supported version to TLS 1.2, that should help.

You can do this in FTPSServer.OnEstablishSecureConnection event handler (Server.Versions := [sbTLS1, sbTLS11, sbTLS12]; ), which you can set in OnNewConnection event handler of ElSimpleFTPSServer.
#25648
Posted: 07/11/2013 10:41:40
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

This is my method for new connection. I simply trace the connection to my log.
Code
        private static void NewConnection(object sender, TElSimpleFTPSServerSessionThread session)
        {
            Trace.TraceInformation("New connection: {0} on address: {1}", session, session.Socket.Address);
        }


I can't seem to access this event:
FTPSServer.OnEstablishSecureConnection

I don't directly call FTPSServer in my in code.

I use _server = new TElSimpleFTPSServer then
_server.OnNewConnection += NewConnection;

in my StartServer method
#25649
Posted: 07/11/2013 10:52:02
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

You should access FTPSServer via TElSimpleFTPSServerSessionThread parameter, i.e. inside of NewConnection write something like
Code
session.FTPSServer.OnEstablishSecureConnection += ...
#25650
Posted: 07/11/2013 11:22:22
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

OK, that helped, but not sure how to set the versions.

The event requires two parameters: object Sender and TEISSLSEVER server). I have a sender object I can pass, but not sure how to set the server object as you have described above to the correct server version. Do you have an example of this?
#25651
Posted: 07/11/2013 11:27:31
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

Follow-up.

I just noticed your assignment on the example. Still not sure what to set it to:

session.FTPSServer.OnEstablishSecureConnection += version(xxx); does not work.
#25652
Posted: 07/11/2013 11:36:53
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

No, in this method you should set event handler for session.FTPSServer.OnEstablishSecureConnection, and in this handler finally set the SSL versions:
Code
        private void ElSimpleFTPSServer_OnNewConnection(object Sender, SBSimpleFTPSServer.TElSimpleFTPSServerSessionThread Session)
        {
            ...
            Session.FTPSServer.OnEstablishSecureConnection += new TSBFTPSServerEstablishSecureConnectionEvent(FTPSServer_OnEstablishSecureConnection);
            ...
        }

        void FTPSServer_OnEstablishSecureConnection(object Sender, SBSSLServer.TElSSLServer Server)
        {
            Server.Versions = SBSSLConstants.Unit.sbSSL3 | SBSSLConstants.Unit.sbTLS1 | SBSSLConstants.Unit.sbTLS11 | SBSSLConstants.Unit.sbTLS12;
        }
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 1957 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!