SSL help


by Scott » Thu Oct 06, 2005 12:46 am

Hi there. I've got a small problem trying to run edtFTPD using SSLv3 as the secure protocol. I'm testing everything on a single box, meaning the edtFTPD server and the FTPS client software are running on the same machine. Here are my environment details:

OS:
----
Win XP SP1


FTPS client:
-------------
demo version of edtFTPnet/PRO (we have licensed it but I'm still testing with the demo version because the guys here that handle the purchasing received the wrong license key and they're still sorting it out)

edtFTPD configuration:
--------------------------
ServerName "edtFTPD Server"
ServerType standalone
DefaultServer on
PersistentPasswd on
WtmpLog off
ScoreBoardFile /edtFTPD/var/log/scoreboard.dat
AuthUserFile /edtFTPD/etc/passwd
AuthGroupFile /edtFTPD/etc/group
DefaultRoot ~
Port 21
DebugLevel 0
ExtendedLog /edtFTPD/var/log/messages.log ALL
TransferLog /edtFTPD/var/log/transfer.log
Umask 022
MaxInstances 5
User SYSTEM
Group Administrators
MaxLoginAttempts 5
TimeoutStalled 300
TimeoutIdle 300
TimeoutLogin 300
DisplayConnect /edtFTPD/etc/welcome.txt
AllowOverwrite on
TLSEngine on
TLSLog /edtFTPD/var/log/tls.log
TLSProtocol SSLv3
TLSRequired on
TLSRSACertificateFile /edtFTPD/etc/server.cert.pem
TLSRSACertificateKeyFile /edtFTPD/etc/server.key.pem
TLSCACertificateFile /edtFTPD/etc/ca-root.crt
TLSVerifyClient off
#<Anonymous /edtFTPD/home/>
# MaxClients 5 "Sorry, max %m users -- try again later"
# User ""
# Group Users
# UserAlias anonymous ""
# UserAlias ftp ""
# # CUSTOMSETTINGS BEGIN
# # CUSTOMSETTINGS END
#</Anonymous>
# CUSTOMSETTINGS BEGIN
# CUSTOMSETTINGS END



I was able to get everything working with TLSv1 as the protocol. Then I stopped the edtFTPD service, switched the edtFTPD configuration to SSLv3, restarted the service, changed my client code to specify "SSL" as the security mechanism to edtFTPnet/PRO and received the following exception message:

"The other side has sent a failure alert: HandshakeFailure."


The following was written to the edtftpd.log file (I believe these are all ok based on some other postings, and I see these lines all the time when using TLSv1 and that protocol works ok):

--START--
255.255.255.255 - error setting write fd IP_TOS: Invalid argument
255.255.255.255 - error setting read fd IP_TOS: Invalid argument
255.255.255.255 - error setting write fd TCP_NOPUSH: Protocol not available
255.255.255.255 - error setting read fd TCP_NOPUSH: Protocol not available
255.255.255.255 (localhost[127.0.0.1]) - FTP session opened.
255.255.255.255 (localhost[127.0.0.1]) - FTP session closed.
--END--

The only difference is the abrupt closing of the session because the handshake failed.


The following was written to the tls.log file:
--START--
Oct 05 10:28:51 mod_tls/2.0.6[404]: SSL/TLS-P requested, starting TLS handshake
Oct 05 10:28:52 mod_tls/2.0.6[404]: unable to accept TLS connection: error:00000001:lib(0):func(0):reason(1)
Oct 05 10:28:52 mod_tls/2.0.6[404]: SSL/TLS-P negotiation failed on control channel
--END--


Nothing was written to the transfer.log or messages.log files because the handshake failure stopped everything.

Any ideas?

Thanks,
Scott
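
Added example, not part of the original post and not edtFTPD code: a small Python triage script for tls.log lines of the shape quoted above. It pairs each handshake start with its failure per process ID and unpacks the OpenSSL error code, assuming the pre-3.0 packed layout (8-bit library, 12-bit function, 12-bit reason); the function names are illustrative.

```python
import re

# Line shape taken from the tls.log excerpt in the post:
#   "Oct 05 10:28:52 mod_tls/2.0.6[404]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"mod_tls/(?P<ver>[\d.]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# OpenSSL error string: "error:<8 hex digits>:<lib>:<func>:<reason>"
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:[^:]*:(?P<reason>.*)$")


def unpack_openssl_error(code):
    """Split a packed error code using the pre-3.0 OpenSSL layout (assumed)."""
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def failed_handshakes(lines):
    """Return one record per server process whose TLS negotiation failed."""
    sessions, failures = {}, []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a mod_tls log line
        pid, msg = m["pid"], m["msg"]
        s = sessions.setdefault(pid, {"pid": int(pid), "started": None, "error": None})
        if "starting TLS handshake" in msg:
            s["started"] = m["ts"]
        elif msg.startswith("unable to accept TLS connection"):
            e = ERR_RE.search(msg)
            if e:
                s["error"] = dict(unpack_openssl_error(int(e["code"], 16)), text=e["reason"])
        elif "negotiation failed on" in msg:
            s["failed_at"] = m["ts"]
            s["channel"] = msg.rsplit(" on ", 1)[1]
            failures.append(sessions.pop(pid))  # close out this process's attempt
    return failures


# The three tls.log lines quoted in the post.
SAMPLE = """\
Oct 05 10:28:51 mod_tls/2.0.6[404]: SSL/TLS-P requested, starting TLS handshake
Oct 05 10:28:52 mod_tls/2.0.6[404]: unable to accept TLS connection: error:00000001:lib(0):func(0):reason(1)
Oct 05 10:28:52 mod_tls/2.0.6[404]: SSL/TLS-P negotiation failed on control channel
""".splitlines()

if __name__ == "__main__":
    for failure in failed_handshakes(SAMPLE):
        print(failure)
```

For the excerpt in the post the record shows lib 0 and func 0, so the error string names no OpenSSL library or function and the tls.log line by itself does not say which part of the handshake was rejected.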

by ScottN » Thu Oct 06, 2005 7:07 am

