glftpd connection problem

Any issues, suggestions, and bug reports about new FTP Rush v3

Re: glftpd connection problem

Postby bugreport » Wed Mar 24, 2021 4:39 pm

IMO and based in all bug reports I think it would be reasonable to keep "Beta" label in FTPRush v3 for at least for a while.
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby FTP » Thu Apr 01, 2021 1:45 am

bugreport wrote:I found the issue, FTPRush v3 doesn't support any of TLSv1.2 ciphers (i have reported that issue with TLSv1.3 also)

Unable to accept TLS connection: client does not support any cipher from 'TLSCipherSuite !EXPORT:ALL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'

TLS/TLS-C negotiation failed on control channel


You definitely should add to the app the ciphers being used just like FTPRush v1 and v2 and also what libraries and version are being used on it.


FTPRush v1 and v2 use OpenSSL for TLS support and v3 use Windows SChannel for TLS support.
After a few days of debugging, we found that the cipher of your server is not compatible with Schannel.

Since we have no way to add ciphers to SChannel, you can only modify the server settings and add Schannel compatible ciphers.
FTP
Site Admin
 
1876
 
Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Postby bugreport » Thu Apr 01, 2021 1:25 pm

That's simply another stepback at FTPRush v3, any ftp server handles it fine, even ancient the ones...
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby bugreport » Thu Apr 01, 2021 1:41 pm

Please add to the log window what ciphers are used when connecting to the server so i can track and check what cipher is actually being used on the client side, tks.
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby bugreport » Thu Apr 01, 2021 3:23 pm

Here's the cipher info when connecting to site:

FTPRush v1/v2: (doesn't support TLSv1.3)

Encryption algorithm: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256

FlashFXP: (doesn't support TLSv1.3)

TLSv1.2 encrypted session using cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)

Filezilla:

TLSv1.3 ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)


FTPRush v3 should be able to connect/support at least TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256 cipher (FTPRush v1/v2), MS Schannel SSP does support it. I've test this with several different servers using the same EC cipher (most secure and better performance) and it's the only FTP client which does not allow to connect any, reporting always the same error.
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby FTP » Fri Apr 02, 2021 5:10 am

bugreport wrote:Here's the cipher info when connecting to site:

FTPRush v1/v2: (doesn't support TLSv1.3)

Encryption algorithm: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256

FlashFXP: (doesn't support TLSv1.3)

TLSv1.2 encrypted session using cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)

Filezilla:

TLSv1.3 ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)


FTPRush v3 should be able to connect/support at least TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256 cipher (FTPRush v1/v2), MS Schannel SSP does support it. I've test this with several different servers using the same EC cipher (most secure and better performance) and it's the only FTP client which does not allow to connect any, reporting always the same error.


We tried another popular windows FTP client "Smart FTP" which also uses MS Schannel got the same error.
We guess that your FTP server uses a ECDSA certificate with a secp521r1 curve. Schannel on Windows 10 no longer supports secp521r1.
Older versions of glftpd have generated a default certificate with this curve.
So you can try to generate a new certificate using a curve different than secp521r1.
FTP
Site Admin
 
1876
 
Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Postby bugreport » Fri Apr 02, 2021 1:29 pm

No, it's secp384r1, not secp521r1.
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby bugreport » Fri Apr 02, 2021 1:59 pm

I did some changes for testing purposes and a curious thing is that I'm using the same certificate on different servers and the error shows up in FTPRush v3 on some but not others, which tells me the EC is not the problem.
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Postby FTP » Mon Apr 05, 2021 1:11 pm

bugreport wrote:I did some changes for testing purposes and a curious thing is that I'm using the same certificate on different servers and the error shows up in FTPRush v3 on some but not others, which tells me the EC is not the problem.


Version 3.2.6 has been released.
It supports direct FXP, enable it by tick "Option->FTP Protocol->Direct FXP".
FTP
Site Admin
 
1876
 
Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Postby bugreport » Mon Apr 05, 2021 1:30 pm

Thank you for the info, I'll test it later.

The first browsing experience was awful, just give it a try on your end, press arrows UP and DOWN and check the results (it will endlessly run up and down), also Shift+End and Shift+Home still badly buggy. :(
bugreport
 
69
 
Fri Jan 01, 2021 3:39 am

PreviousNext

Return to FTP Rush v3

Who is online

Users browsing this forum: No registered users and 1 guest