Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
30 views
asked in Java FTP by (270 points)
using edtftpj/Pro Version 5.3.1 :

Unfortunately some of our partners use FTP-Server with TLS-Version lower than 1.1.

My problem now: I found no possibility für downloading a ServerCertificate from a Server by using TLS V 1.0.

SSLFTPClient always uses Default TLS1.1 as Min-TLS-Version...

any idea ?

1 Answer

0 votes
answered by (152k points)
selected by
 
Best answer

TLS 1.0 isn't regarded as secure nowadays, hence the default setting. But there's a property for setting the minimum TLS version, just set it to 1.0:

setMinSSLVersion(SSLVersion.TLS_V1_0);

commented by (270 points)
i already tried this, but it had no effect on
SSLFtpClient. getServerCertificate().

for only connecting to the server e. g. for reading directory it works, but not for downloading the certificate.
commented by (152k points)
You're correct, it won't work for this helper method.  But this method is just to grab the server certificate which you should only do once and can use any tool to get.
commented by (270 points)
That is a great problem now for us. Because with this method our users are able to download the certificate even if it changes. The user has no other possibility to download it and has no permission to save something like a certificate on our application server !

Maybe you can add this Methode to SecureFiletransferClient, so that we could use it furthermore !

We also try to communicate with all partners, because we know that TLS1.0 is not really secure any more, but we still need the method...
commented by (152k points)
It's no problem, you can just code it yourself. Here you go:

SSLFTPClient ftpClient = new SSLFTPClient();
 ftpClient.setMinSSLVersion(SSLVersion.TLS_V1_0);
        try {
            ftpClient.setRemoteHost(hostName);
            ftpClient.setRemotePort(remotePort);
            ftpClient.setValidateServer(true);
            ftpClient.setImplicitFTPS(isImplicit);
            ftpClient.connect();       // implicit FTPS should throw an exception here
            ftpClient.auth(AUTH_TLS);  // explicit FTPS should throw an exception here
            ftpClient.quit();
            return null;
        } catch (SSLFTPCertificateException e) {
            Vector certChain = e.getCertificates();
            return certChain!=null ? (certChain.size()>0 ? (SSLFTPCertificate)certChain.lastElement() : null) : null;
        } finally {
            try {
                ftpClient.quitImmediately();  // make sure connection is closed
            } catch (Throwable t) {
            }
        }

Categories

...