[twsocket] Clarification Re: FTP TLS, SSL, + passive mode problem

2014-04-18 Thread miro

hi (Angus)

some clarification...
we have used ftpcli for many years now, the ssl version has been included 
for the last few years and this is the first time i have seen the problem 
with SSL (but i assume most of our users still use plain FTP), i did 
several tests with SSL in the past and no problems ..


i have this problem with one specific server (one of our users asked 
me about it), this server is private (hosting in US : atomicvps.com)
and the user has had problems since he was forced to switch from FTP to 
FTPES by his provider ( see 
http://www.atomicvps.com/blog/enforcing-encrypted-ftp-sessions/ ) ...


i did tests with this same server (ICS upload from my own pc), with the 
same results (see log)
i also did the same test with other clients (non ICS from my own pc) to 
the same server and no problems...
this means i can upload with a non ICS client, but not with an ICS client 
from the same pc to the same server...


as another test i also installed local filezilla server and was able to 
reproduce same problem with it (ICS upload to local filezilla server)


btw, today i updated to ICS8 (latest version from SVN) and i still have 
the same problem
upload log with ICS8 here : 
http://miro.image-line.com/downloads/full_upload_log2.rar


regards
miro

> Are you testing against local FTP servers on a LAN, or public servers across
> NAT routers and firewalls?
>
> 95% of FTP problems that happen when the data connection opens are caused by
> NAT routers or firewalls blocking the new connection.  This is worse with SSL
> since the router can not modify the control channel to change the internal IP
> address to an external address.
>
> It's unlikely to make any difference, but you can test against the ICS SSL FTP
> server on ics.ftptest.org.
>
> BTW, ICS v7 is very old and no longer maintained, you should be using v8.


--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Clarification Re: FTP TLS, SSL, + passive mode problem

2014-04-18 Thread Angus Robertson - Magenta Systems Ltd
> asked me about it), this server is private (hosting in US : 
> atomicvps.com)

So you are using a public server on a WAN, with NAT routers or a firewall on
either end of the connection?
 
> as another test i also installed local filezilla server and was 
> able to reproduce same problem with it (ICS upload to local 
> filezilla server)

But now you say it fails on the LAN as well, is that with the ICS SSL demo FTP
application? 

This is an extract log from the ICS FTP server I asked you to test against,
which shows Passive mode with SSL does work OK.  This test is done using my DUN
Manager application you can download and test from: 

http://www.magsys.co.uk/dunman/

Starting FTP Download from: ics.ftptest.org
Connect/Logon to FTP Server: ics.ftptest.org:990
Check for Old SSL Session
! SSL handshake OK
SSL Handshake Done OK, Secured with TLSv1, Cipher AES256-SHA, Secret Bits 256
(Total 256)
0 Certificate(s) in the verify chain
Starting SSL Session
Cache SSL Session: New
 220-ics.ftptest.org
 
 220-ICS TFtpServerW (c) 1998-2013 F. Piette V8.04
 220 Server: MAGPUB2 at 2014-04-08T19:17:26
FTP Session Connected to 217.146.102.142:990

Downloading File: /test/testcode.asp to E:\temp1\testcode.asp, size 10.7 Kbytes
 PASV
 227 Entering Passive Mode (217,146,102,142,82,82).
 RETR testcode.asp
Check for Old SSL Session
 150 Opening data connection for testcode.asp.
! SSL handshake OK
SSL Handshake Done OK, Secured with TLSv1, Cipher AES256-SHA, Secret Bits 256
(Total 256)
0 Certificate(s) in the verify chain
Starting SSL Session
Cache SSL Session: Reuse
 226 File sent ok
! 10.7Kbytes received/sent in 250 milliseconds
Downloaded File e:\temp1\testcode_asp.tmp, size 10.7 Kbytes
Updating Time Stamp: E:\temp1\testcode.asp to (UTC)=20080307-23
Download OK: E:\temp1\testcode.asp, size: 10.7 Kbytes, duration 0:00, average
speed 38.1K/sec

Angus

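
The NAT point raised in the thread (a router cannot rewrite the address in the 227 reply once the control channel is encrypted) can be checked from the PASV line of a client log. The following is an added example, not code from ICS or from either poster: it parses the 227 reply and compares the advertised address with the control connection's peer address. The function names, the finding labels, the policy of dialing the control peer on a mismatch, and the 192.168.1.10 reply are assumptions constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated numbers of a PASV reply: h1,h2,h3,h4,p1,p2 (RFC 959).
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply taken from the log in the thread, and a constructed reply that
# advertises an internal address (hypothetical sample input).
REPLY_FROM_LOG = "227 Entering Passive Mode (217,146,102,142,82,82)."
REPLY_CONSTRUCTED = "227 Entering Passive Mode (192,168,1,10,195,80)."


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    if not reply.lstrip().startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("number out of range in: %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_data_endpoint(reply, control_peer_ip):
    """Compare the PASV address with the control connection's peer address.

    Returns (ip_to_dial, port, finding). Dialing the control peer on any
    mismatch is this example's policy, not something the thread prescribes.
    """
    adv_ip, port = parse_pasv(reply)
    if adv_ip == control_peer_ip:
        return adv_ip, port, "ok"
    adv = ipaddress.ip_address(adv_ip)
    peer = ipaddress.ip_address(control_peer_ip)
    if adv.is_private and not peer.is_private:
        # Server sits behind NAT and advertised its internal address; with
        # TLS on the control channel the router could not rewrite the reply.
        return control_peer_ip, port, "unrewritten-internal-address"
    # Any other mismatch: do not follow the advertised host blindly.
    return control_peer_ip, port, "address-mismatch"


if __name__ == "__main__":
    for reply in (REPLY_FROM_LOG, REPLY_CONSTRUCTED):
        print(check_data_endpoint(reply, "217.146.102.142"))
```
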