EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Error connecting to ftps server from popular clients: winscp, filezill

#37434
Posted: 08/11/2016 02:35:48
by Wojciech Karasek (Basic support level)
Joined: 08/11/2016
Posts: 5

Hello

During testing SimpleFtpServer (your desktop sample) I could not connect by ftps from popular clients like winscp or filezilla. I do connect from your sample client.

Here is error message from winscp:
TLS connect: error in SSLv2/v3 read server hello A

And more verbose from openssl:

C:\OpenSSL-Win64\bin>openssl s_client -state -nbio -connect 192.168.220.70:5021
Loading 'screen' into random state - done
CONNECTED(000000E0)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL_connect:error in SSLv2/v3 read server hello A
11524:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:782:

Wojciech Karasek
#37439
Posted: 08/11/2016 05:03:09
by Ken Ivanov (EldoS Corp.)

Hi Wojciech,

Thank you for getting in touch with us.

From the details you provided it looks like you are connecting in implicit TLS mode to the explicit TLS port opened by the server. Please make sure that the modes match, as you won't be able to make an implicit client work with an explicit server, or the other way round.

Ken
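
A way to check which mode a listener expects before configuring the client, as an added example that is not part of the original thread or of SecureBlackbox: an explicit-mode server greets in plaintext with `220` and accepts `AUTH TLS`, while an implicit-mode server stays silent until the TLS handshake completes. The function names and the returned labels are assumptions made for this sketch.

```python
import socket
import ssl

def read_reply(sock):
    """Read one FTP reply (possibly multi-line) and return the raw bytes."""
    buf = b""
    while True:
        chunk = sock.recv(512)
        buf += chunk
        last = buf.splitlines()[-1] if buf else b""
        # A reply ends with a line of the form "NNN <text>\r\n"; "NNN-" continues.
        done = buf.endswith(b"\n") and last[:3].isdigit() and last[3:4] == b" "
        if not chunk or done:
            return buf

def classify_ftps_port(host, port, timeout=3.0):
    """Return 'explicit', 'implicit', 'plain-ftp' or 'unknown' for a listener."""
    # Step 1: an explicit-mode server speaks first, in plaintext.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            if read_reply(sock).startswith(b"220"):
                sock.sendall(b"AUTH TLS\r\n")      # upgrade command, RFC 4217
                ok = read_reply(sock).startswith(b"234")
                return "explicit" if ok else "plain-ftp"
        except socket.timeout:
            pass  # silence: the server may be waiting for a ClientHello
    # Step 2: an implicit-mode server expects TLS from the first byte.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False    # diagnostic only: the mode is tested, not trust
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                greeted = read_reply(tls).startswith(b"220")
                return "implicit" if greeted else "unknown"
    except (ssl.SSLError, OSError):
        return "unknown"

if __name__ == "__main__":
    # Address and port as they appear in the openssl session quoted above.
    print(classify_ftps_port("192.168.220.70", 5021))
```

A result of `explicit` means the client must be set to explicit FTP over TLS; with openssl the matching probe is `s_client -starttls ftp` rather than a bare `s_client -connect`.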
#37443
Posted: 08/11/2016 08:09:35
by Wojciech Karasek (Basic support level)
Joined: 08/11/2016
Posts: 5

Hi Ken

Thanks for the answer. To my regret I believe I have tried all possible configurations.
More info in my reply email.

Regards
#37447
Posted: 08/12/2016 04:43:00
by Ken Ivanov (EldoS Corp.)

Wojciech,

Could you please specify the exact product edition (VCL, .NET etc.) and the server sample that you've tried?

Ken
#37448
Posted: 08/12/2016 05:21:27
by Wojciech Karasek (Basic support level)
Joined: 08/11/2016
Posts: 5

Hi Ken

Platform is .Net 4.5, sample version (from changes.txt file):

SecureBlackbox - version 15.0.294 - Released June 27, 2016


SecureBlackbox.SSLServer version (from ILSpy):

// C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SecureBlackbox.SSLServer\v4.0_15.0.294.0__dd7d30884001c5e2\SecureBlackbox.SSLServer.dll
// SecureBlackbox.SSLServer, Version=15.0.294.0, Culture=neutral, PublicKeyToken=dd7d30884001c5e2

// Architecture: AnyCPU (64-bit preferred)
// Runtime: .NET 4.0

using System;
using System.Diagnostics;
using System.Reflection;
using System.Resources;
using System.Security;
[assembly: AssemblyVersion("15.0.294.0")]
[assembly: Debuggable(false, false)]
[assembly: AssemblyCompany("EldoS Corporation")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCopyright("© 2002-2016 EldoS Corporation")]
[assembly: AssemblyCulture("")]
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyDescription("SecureBlackbox.NET library")]
[assembly: AssemblyKeyFile("C:\\Projects\\SecureBlackbox\\KeyManagement\\NETKeys\\SecureBlackbox_NET45.public.snk")]
[assembly: AssemblyKeyName("")]
[assembly: AssemblyProduct("SecureBlackbox")]
[assembly: AssemblyTitle("SecureBlackbox.SSLServer")]
[assembly: AssemblyTrademark("SecureBlackbox")]
[assembly: NeutralResourcesLanguage("en-US")]
[assembly: AllowPartiallyTrustedCallers]

Best regards
#37449
Posted: 08/12/2016 06:52:22
by Ken Ivanov (EldoS Corp.)

Thank you very much for the details.

I believe the problem might be caused by some external factor then, such as a firewall. Just in case it's a bug in the sample, I tried to reproduce the issue with FileZilla locally, and things worked just fine for me. Could you please run the following experiment with FileZilla and check if it works for you:

1) Open the FTP server sample in Visual Studio, compile and launch it. Configure the server as shown on the screen shot, then start the server itself with the Start button.

2) Run FileZilla and create a new connection. Configure it as shown on the screen shot.

3) Try to connect with FileZilla to your server.

Ken


#37450
Posted: 08/12/2016 07:24:57
by Wojciech Karasek (Basic support level)
Joined: 08/11/2016
Posts: 5

Hi Ken

Thank you for your kind collaboration.

My configurations (according to your advice) in attachment.


and the result (no matter whether the firewall is active or not):

Status: Odłączono od serwera
Status: Łączenie z 127.0.0.1:1021...
Status: Połączenie nawiązane, inicjowanie TLS...
Błąd: Błąd GnuTLS -58: An illegal TLS extension was received.
Błąd: Nie można połączyć się z serwerem
Status: Oczekiwanie na ponowienie...
Status: Łączenie z 127.0.0.1:1021...
Status: Połączenie nawiązane, inicjowanie TLS...
Błąd: Błąd GnuTLS -58: An illegal TLS extension was received.
Błąd: Nie można połączyć się z serwerem

Best regards


#37451
Posted: 08/12/2016 07:56:51
by Ken Ivanov (EldoS Corp.)

Thank you for trying. This is a different error, and it has known reasons. The problem is that FileZilla (or GnuTLS, to be precise) developers implemented a different method of handling TLS EC points extensions in one of the latest versions of their product. As a result, they decline servers not supporting the EC points extension in their way.

This problem was addressed in build 295, and you can overcome it by upgrading to version 15.0.295.

Ken
#37464
Posted: 08/16/2016 03:11:34
by Wojciech Karasek (Basic support level)
Joined: 08/11/2016
Posts: 5

Hi Ken

Thank you very much. Version 295 is working.

Best regards.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
