Comments (24)
Hi,
I had a lot of problems like this one, and for some unknown reason. I think it has something to do with the SSL protocol chosen, so the only way to fix this was to provide a property named SslProtocols
in the FtpClientParameters
class.
Maybe (I'm thinking of it just right now) it could help to try some other protocols when the tested one fails, so catching the exception in UpgradeToSsl()
method and then retry with different options.
I'm not sure this helps, but this is my best.
from ftp.
Implicit SSL will not even authenticate and the server is setup to require SSL: so no SSL is not an option.
Explicit SSL is the only option that will work, for this particular server.
I will try to play around with it and let you know how it goes :)
Thanks for the quick response.
from ftp.
No it's not about explicit or implicit, it's about SslProtocols
that you can force to have the values you need:
namespace System.Security.Authentication
{
[Flags]
public enum SslProtocols
{
None,
Ssl2,
Ssl3,
Tls,
Tls11,
Tls12,
Default = Tls | Ssl3,
}
}
And you can set specific values in the FtpClientParameters
class in order to use only the specified SSL protocols.
from ftp.
Sorry I should of been more specific. I have tried all of them with no luck. I either receive a connection error (due to target server limitations) or the SSPI error.
from ftp.
I'm sorry to read that, I think there is something I misunderstood in FTPES protocol, because I had the same error on some servers (and had to disable tests for them).
from ftp.
I am almost positive it has to do with the way you are handling certificates. Right now the CheckCertificateHandler isn't doing anything. and your passing in a null certificate to the AuthenticateAsClient method.
That is what is causing the SSPI errors we are seeing.
I am going to try and generate a cert and apply it with this method and see if it fixes it.
If it does, ill clean it up and get it committed.
from ftp.
Any progress on this?
from ftp.
Nope - I Tried tons of things, including add a cert to the request and no luck.
from ftp.
I fixed the SSPI call error, but now i am getting this exception "The handshake failed due to an unexpected packet format"
A wireshark says the server responded with:
421 Failed TLS negotiation on control channel, disconnected (SSL_accept():(1) error: 14076 OFC: SSL Routines: SSL23_Get_Client_Hello: unknown protocol)"
from ftp.
I guess that's a progress... How can I help?
from ftp.
Hi Zach,
What FTP server do you use?
from ftp.
This may be a great product, however I couldn't even getting it started (because the setup is a great piece of garbage, and yes, I'm pissed). So I won't be able to help.
from ftp.
I understand, any Unix based ftpd should be fine.
I will let you know when I get back home and can look at it
On Fri, Nov 11, 2016, 12:32 PM Pascal Craponne [email protected]
wrote:
This may be a great product, however I couldn't even getting it started
(because the setup is a great piece of garbage, and yes, I'm pissed). So I
won't be able to help.—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#32 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AGS2cVo5TIFHkBKWX0QcNXAMsURqVGN_ks5q9KKBgaJpZM4KhRpI
.
from ftp.
Version 1.11 (just released) uses lazy initialization on FtpStream
, this means they can be used only if their Validated()
method was invoked. Does this fix the problem (because it may be related)?
from ftp.
I think this is caused by another issue I just encountered.
If you set ChannelProtection
to contain FtpProtection.DataChannel
the library never explicitly informs the server of this.
Some servers do not by default use SSL on the data channel even if it is being used on the command channel.
This can result in the server sending unencrypted data which is picked up by System.Net.Security.SslStream.AuthenticateAsClient
and causes the exception seen above as the data is not a valid SSL handshake.
FtpSession.CheckProtection
should, if State["PROT"]
does not equal the desired protection level, issue a PROT
command and fail on a non 2xx response code. State["PROT"]
should not initially be set on a new connection.
I'm currently using the below as a temporary fix:
if (client.SendSingleCommand("PROT", "P").Code.Code != 200)
throw new Exception("Could not enable data channel encryption.");
from ftp.
It appears the library also doesn't issue a PBSZ
command which is apparently required by https://tools.ietf.org/html/rfc2228.
Other libraries seem to use PBSZ 0
successfully.
from ftp.
ebarnard - You are correct. Also, I ended up bypassing SSPI all together and using a OpenSSL C# implementation.
Even with your suggestions, I could not successfully handshake with a UNIX based ftpd.
Here is the package i used to successfully
https://github.com/openssl-net/openssl-net
from ftp.
Something also to add - I updated libssl32.dll and ssleay32.dll from that package with the new versions provided by OpenSSL. I believe the versions included in that package are open to the HeartBleed vulnerability.
from ftp.
Looks like mine is an unrelated issue then.
from ftp.
Ebernard - What exactly is your issue? your getting the SSPI exception?
Is your initial handshake successful? Do you see the USER command being sent?
Any logs you can provide would be helpful.
from ftp.
The issue is that a PROT command is not being sent when using ftps or ftpes. As a result the server sends unencrypted data on the data channel despite the control channel running over ssl.
As it's unrelated to this issue I opened #35.
from ftp.
Ahem... Let's get back to original problem here 😣
@zharris6 : is it fixed? Can we close this issue?
from ftp.
Nope, I only got it working by bypassing SSPI/SSLStream all together and using the OpenSSL fork i mentioned previously. It is a complete hack and a total butcher of your code, therefor it is not a acceptable solution.
I will try to fix this using SSPI, however, I think it is a problem with SSPI itself.
from ftp.
OK, let's keep this issue open, then.
from ftp.
Related Issues (20)
- Error parsing Modify fact of Mlsd HOT 1
- Download/Retr File HOT 5
- [Question] Resume File Download HOT 1
- FileZilla and STAT command HOT 3
- FtpS and FtpES connections do not necessarily secure data sockets HOT 6
- ThreadInterruptedException' in mscorlib.dll. Doesnt crash but dont know why it happens. HOT 6
- ArxOne.Ftp.Exceptions.FtpFileException: File error. Code=550 HOT 2
- FTPS with TLS not working HOT 4
- File Date parsing is wrong HOT 1
- Retrive .odt files HOT 2
- MVS-z/OS FTP server HOT 5
- error 230 on list HOT 2
- Connecting with ftp ends in 501 error HOT 6
- Make project compatible with .NET Standard HOT 16
- Package versioning is probably broken HOT 1
- Asynchronous API HOT 4
- library hits session limit on server where filezilla does not. HOT 2
- NuGet package publishing failed HOT 1
- Unix space quoting issues HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ftp.