EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Issue with TLS using SecureBlackBox FTPS

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#25617
Posted: 07/10/2013 15:21:49
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

I am having an issue connection to my SecureBlackBox FTPS instance using explicit FTP over TLS. This was working last month, but now I am seeing the error below:

Status: Connection established, waiting for welcome message...
Response: 220 FTP Dev Host running at IP: :21 Passive ports: 28 - 218
Command: AUTH TLS
Response: 234 Security data exchange complete.
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server

I haven't changed any code, so I'm not sure what is wrong. Any help would be appreciated.
#25619
Posted: 07/10/2013 17:19:48
by Ken Ivanov (EldoS Corp.)

Hello Tom,

Could you please give us a bit more information about the problem:

- Are there any errors reported by the server-side FTPS components?

- Did you upgrade your SecureBlackbox installation recently, or your application just suddenly stopped working without any apparent reason?
#25629
Posted: 07/11/2013 03:23:36
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Do you use version 9 or 10 of SecureBlackbox? As far as I remember somewhere in version 10 was fix related to GnuTLS/FTPSServer. Please try the latest build (if you are using the previous version).
#25645
Posted: 07/11/2013 09:22:55
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

I have not upgraded my version of SecureBlack box recently (last download was in April of this year)

I am running version 10.0.233.0 of the FTPS Server.

I am using the following assemblies:
SecureBlackbox.FTPS.dll
SecureBlackbox.FTPSServer.dll
SecureBlackbox.SSLCommon.dll
SecureBlackbox.SSLServer.dll

I was I had more details. I'm not seeing any errors when I debug through the server side code.

It spins up the server fine and gets to this method when I try to connect:
NewConnection(object sender, TElSimpleFTPSServerSessionThread session)

then I see this error on the client:
GnuTLS error -12: A TLS fatal alert has been received.
Could not connect to server

Can you recommend where I can look for more errors? I'm not seeing anything in event viewer.

My ClientFTP settings (FileZilla) are:

Host: 127.0.0.1
Port: 21
Protocol: FTP - File Transfer Protocol
Encryption: Require explicit FTP over TLS
Login Type: Normal
I am setting a username and password.
#25646
Posted: 07/11/2013 09:40:09
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

I also recalled another problem with FileZilla/GnuTLS which requires SBB 11.
Please try to set maximum TLS supported version to TLS 1.2, that should help.

You can do this in FTPSServer.OnEstablishSecureConnection event handler (Server.Versions := [sbTLS1, sbTLS11, sbTLS12]; ), which you can set in OnNewConnection event handler of ElSimpleFTPSServer.
#25648
Posted: 07/11/2013 10:41:40
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

This is my method for new connection. I simply trace the connection to my log.
Code
        private static void NewConnection(object sender, TElSimpleFTPSServerSessionThread session)
        {
            Trace.TraceInformation("New connection: {0} on address: {1}", session, session.Socket.Address);
        }


I can't seem to access this event:
FTPSServer.OnEstablishSecureConnection

I don't directly call FTPSServer in my in code.

I use _server = new TElSimpleFTPSServer then
_server.OnNewConnection += NewConnection;

in my StartServer method
#25649
Posted: 07/11/2013 10:52:02
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

You should access FTPSServer via TElSimpleFTPSServerSessionThread parameter, i.e. inside of NewConnection write something like
Code
session.FTPSServer.OnEstablishSecureConnection += ...
#25650
Posted: 07/11/2013 11:22:22
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

OK, that helped, but not sure how to set the versions.

The event requires two parameters: object Sender and TEISSLSEVER server). I have a sender object I can pass, but not sure how to set the server object as you have described above to the correct server version. Do you have an example of this?
#25651
Posted: 07/11/2013 11:27:31
by Tom Garrison (Priority Standard support level)
Joined: 05/16/2013
Posts: 15

Follow-up.

I just noticed your assignment on the example. Still not sure what to set it to:

session.FTPSServer.OnEstablishSecureConnection += version(xxx); does not work.
#25652
Posted: 07/11/2013 11:36:53
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

No, in this method you should set event handler for session.FTPSServer.OnEstablishSecureConnection, and in this handler finally set the SSL versions:
Code
        private void ElSimpleFTPSServer_OnNewConnection(object Sender, SBSimpleFTPSServer.TElSimpleFTPSServerSessionThread Session)
        {
            ...
            Session.FTPSServer.OnEstablishSecureConnection += new TSBFTPSServerEstablishSecureConnectionEvent(FTPSServer_OnEstablishSecureConnection);
            ...
        }

        void FTPSServer_OnEstablishSecureConnection(object Sender, SBSSLServer.TElSSLServer Server)
        {
            Server.Versions = SBSSLConstants.Unit.sbSSL3 | SBSSLConstants.Unit.sbTLS1 | SBSSLConstants.Unit.sbTLS11 | SBSSLConstants.Unit.sbTLS12;
        }
Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.

Reply

Statistics

Topic viewed 1965 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!