Re: Error while connection to FTP server running implicit SSL
Thanks a lot for the explanation, John. Is there a specific method in Apache FTP that would allow me to check whether the connection is secured or not?

Cheers,

Martin

On 10.07.2014 at 15:27, John Hartnup john.hart...@gmail.com wrote:

> Explicit means that the client requests SSL specifically (or Explicitly).
>
> As delivered, the server lets the client use plain FTP if it doesn't request SSL. You can make it insist on SSL by writing an ftplet that rejects USER or PASS commands unless the session is secured.
>
> On 10 July 2014 12:12, Martin Wunderlich m...@censhare.de wrote:
>
> > Hi all,
> >
> > I have found the solution: The key alias parameter was not specified in the FTP server configuration. Once this was set correctly, I was able to connect with the client in TLS mode.
> >
> > One question remains, though: In order for TLS to be active, the client needs to request it specifically (using the setting for explicit TLS). When using “Plain FTP”, the client can still connect through an insecure connection. Anyone know why that is? I was assuming that the server would reject insecure connections on its SSL port.
> >
> > Cheers,
> >
> > Martin
> >
> > On 09.07.2014 at 19:21, Martin Wunderlich m...@censhare.de wrote:
> >
> > > Hi David,
> > >
> > > Thanks a lot for the reply. Here is the additional information below. The server configuration is set to implicit SSL = false.
> > >
> > > HTH.
> > >
> > > Cheers,
> > >
> > > Martin
> > >
> > > *Test 1) Connect with explicit SSL (set in the client) to the Server listening on secure port (4243)*
> > >
> > > *FileZilla Log: *
> > >
> > > 19:15:39 Trace: CControlSocket::DoClose(64)
> > > 19:15:39 Trace: CControlSocket::DoClose(64)
> > > 19:15:39 Status: Connecting to 192.168.178.21:4243...
> > > 19:15:39 Status: Connection established, waiting for welcome message...
> > > 19:15:39 Trace: CFtpControlSocket::OnReceive()
> > > 19:15:39 Response: 220 Service ready for new user.
> > > 19:15:39 Trace: CFtpControlSocket::SendNextCommand()
> > > 19:15:39 Command: AUTH TLS
> > > 19:15:39 Trace: CFtpControlSocket::OnReceive()
> > > 19:15:39 Response: 234 Command AUTH okay; starting TLS connection.
> > > 19:15:39 Status: Initializing TLS...
> > > 19:15:39 Trace: CTlsSocket::Handshake()
> > > 19:15:39 Trace: CTlsSocket::ContinueHandshake()
> > > 19:15:39 Trace: CTlsSocket::OnSend()
> > > 19:15:39 Trace: CTlsSocket::OnRead()
> > > 19:15:39 Trace: CTlsSocket::ContinueHandshake()
> > > 19:15:39 Trace: CTlsSocket::Failure(-12, 53)
> > > 19:15:39 Trace: GnuTLS alert 40: Handshake failed
> > > 19:15:39 Error: GnuTLS error -12: A TLS fatal alert has been received.
> > > 19:15:39 Trace: CRealControlSocket::OnClose(53)
> > > 19:15:39 Trace: CControlSocket::DoClose(64)
> > > 19:15:39 Trace: CFtpControlSocket::ResetOperation(66)
> > > 19:15:39 Trace: CControlSocket::ResetOperation(66)
> > > 19:15:39 Error: Could not connect to server
> > > 19:15:39 Trace: CFileZillaEnginePrivate::ResetOperation(66)
> > >
> > > *FileZilla Config: *
> > >
> > > Bildschirmfoto 2014-07-09 um 19.17.19.png
> > >
> > > *Server log: *
> > >
> > > 2014.07.09-19:15:39.601 SEVERE : pool-3-thread-9: DefaultFtpHandler: Exception caught, closing session
> > > javax.net.ssl.SSLHandshakeException: SSL handshake failed.
> > >     at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:495)
> > >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> > >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> > >     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> > >     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> > >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> > >     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> > >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> > >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> > >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> > >     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> > >     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> > >     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> > >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > >     at java.lang.Thread.run(Thread.java:744)
> > > Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > >     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290)
> > >     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
> > >     at
Re: Error while connection to FTP server running implicit SSL
Hi all,

I have found the solution: The key alias parameter was not specified in the FTP server configuration. Once this was set correctly, I was able to connect with the client in TLS mode.

One question remains, though: In order for TLS to be active, the client needs to request it specifically (using the setting for explicit TLS). When using “Plain FTP”, the client can still connect through an insecure connection. Anyone know why that is? I was assuming that the server would reject insecure connections on its SSL port.

Cheers,

Martin

On 09.07.2014 at 19:21, Martin Wunderlich m...@censhare.de wrote:

> Hi David,
>
> Thanks a lot for the reply. Here is the additional information below. The server configuration is set to implicit SSL = false.
>
> HTH.
>
> Cheers,
>
> Martin
>
> Test 1) Connect with explicit SSL (set in the client) to the Server listening on secure port (4243)
>
> FileZilla Log:
>
> 19:15:39 Trace: CControlSocket::DoClose(64)
> 19:15:39 Trace: CControlSocket::DoClose(64)
> 19:15:39 Status: Connecting to 192.168.178.21:4243...
> 19:15:39 Status: Connection established, waiting for welcome message...
> 19:15:39 Trace: CFtpControlSocket::OnReceive()
> 19:15:39 Response:220 Service ready for new user.
> 19:15:39 Trace: CFtpControlSocket::SendNextCommand()
> 19:15:39 Command: AUTH TLS
> 19:15:39 Trace: CFtpControlSocket::OnReceive()
> 19:15:39 Response:234 Command AUTH okay; starting TLS connection.
> 19:15:39 Status: Initializing TLS...
> 19:15:39 Trace: CTlsSocket::Handshake()
> 19:15:39 Trace: CTlsSocket::ContinueHandshake()
> 19:15:39 Trace: CTlsSocket::OnSend()
> 19:15:39 Trace: CTlsSocket::OnRead()
> 19:15:39 Trace: CTlsSocket::ContinueHandshake()
> 19:15:39 Trace: CTlsSocket::Failure(-12, 53)
> 19:15:39 Trace: GnuTLS alert 40: Handshake failed
> 19:15:39 Error: GnuTLS error -12: A TLS fatal alert has been received.
> 19:15:39 Trace: CRealControlSocket::OnClose(53)
> 19:15:39 Trace: CControlSocket::DoClose(64)
> 19:15:39 Trace: CFtpControlSocket::ResetOperation(66)
> 19:15:39 Trace: CControlSocket::ResetOperation(66)
> 19:15:39 Error: Could not connect to server
> 19:15:39 Trace: CFileZillaEnginePrivate::ResetOperation(66)
>
> FileZilla Config:
>
> Bildschirmfoto 2014-07-09 um 19.17.19.png
>
> Server log:
>
> 2014.07.09-19:15:39.601 SEVERE : pool-3-thread-9: DefaultFtpHandler: Exception caught, closing session
> javax.net.ssl.SSLHandshakeException: SSL handshake failed.
>     at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:495)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
>     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:744)
> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
>     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290)
>     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
>     at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1177)
>     at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1149)
>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
>     at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:575)
>     at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:349)
>     at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:476)
>     ... 15
Re: Error while connection to FTP server running implicit SSL
Martin,

Could you attach Filezilla and Mina FTPServer log files as well as FTPServer configuration xml and Filezilla's config (either screenshot or XML file without the passwords)?

2014-06-30 10:57 GMT+02:00 Martin Wunderlich m...@censhare.de:

> Hi all,
>
> I am expanding our MINA-based FTP server by adding a setting for implicit vs. explicit SSL. I have made all the necessary changes, but for some reason I can’t connect to the server anymore when implicit SSL is set to true. In explicit SSL mode it works fine.
>
> When trying to connect, I get the error message:
>
> Connection established, waiting for welcome message...
>
> And then the FileZilla client just hangs until it has timed out…
>
> Any ideas anyone?
>
> Thanks a lot.
>
> Cheers,
>
> Martin
Error while connection to FTP server running implicit SSL
Hi all,

I am expanding our MINA-based FTP server by adding a setting for implicit vs. explicit SSL. I have made all the necessary changes, but for some reason I can’t connect to the server anymore when implicit SSL is set to true. In explicit SSL mode it works fine.

When trying to connect, I get the error message:

Connection established, waiting for welcome message...

And then the FileZilla client just hangs until it has timed out…

Any ideas anyone?

Thanks a lot.

Cheers,

Martin