glftpd connection problem

Any issues, suggestions, and bug reports about new FTP Rush v3
Post Reply
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

IMO and based in all bug reports I think it would be reasonable to keep "Beta" label in FTPRush v3 for at least for a while.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Post by FTP »

bugreport wrote:I found the issue, FTPRush v3 doesn't support any of TLSv1.2 ciphers (i have reported that issue with TLSv1.3 also)

Unable to accept TLS connection: client does not support any cipher from 'TLSCipherSuite !EXPORT:ALL:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1'

TLS/TLS-C negotiation failed on control channel


You definitely should add to the app the ciphers being used just like FTPRush v1 and v2 and also what libraries and version are being used on it.
FTPRush v1 and v2 use OpenSSL for TLS support and v3 use Windows SChannel for TLS support.
After a few days of debugging, we found that the cipher of your server is not compatible with Schannel.

Since we have no way to add ciphers to SChannel, you can only modify the server settings and add Schannel compatible ciphers.
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

That's simply another stepback at FTPRush v3, any ftp server handles it fine, even ancient the ones...
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

Please add to the log window what ciphers are used when connecting to the server so i can track and check what cipher is actually being used on the client side, tks.
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

Here's the cipher info when connecting to site:

FTPRush v1/v2: (doesn't support TLSv1.3)

Encryption algorithm: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256

FlashFXP: (doesn't support TLSv1.3)

TLSv1.2 encrypted session using cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)

Filezilla:

TLSv1.3 ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)


FTPRush v3 should be able to connect/support at least TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256 cipher (FTPRush v1/v2), MS Schannel SSP does support it. I've test this with several different servers using the same EC cipher (most secure and better performance) and it's the only FTP client which does not allow to connect any, reporting always the same error.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Post by FTP »

bugreport wrote:Here's the cipher info when connecting to site:

FTPRush v1/v2: (doesn't support TLSv1.3)

Encryption algorithm: TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256

FlashFXP: (doesn't support TLSv1.3)

TLSv1.2 encrypted session using cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)

Filezilla:

TLSv1.3 ECDHE-ECDSA-CHACHA20-POLY1305 (256 bits)


FTPRush v3 should be able to connect/support at least TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256 cipher (FTPRush v1/v2), MS Schannel SSP does support it. I've test this with several different servers using the same EC cipher (most secure and better performance) and it's the only FTP client which does not allow to connect any, reporting always the same error.
We tried another popular windows FTP client "Smart FTP" which also uses MS Schannel got the same error.
We guess that your FTP server uses a ECDSA certificate with a secp521r1 curve. Schannel on Windows 10 no longer supports secp521r1.
Older versions of glftpd have generated a default certificate with this curve.
So you can try to generate a new certificate using a curve different than secp521r1.
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

No, it's secp384r1, not secp521r1.
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

I did some changes for testing purposes and a curious thing is that I'm using the same certificate on different servers and the error shows up in FTPRush v3 on some but not others, which tells me the EC is not the problem.
FTP
Site Admin
Posts: 2072
Joined: Tue Sep 29, 2009 6:09 am

Re: glftpd connection problem

Post by FTP »

bugreport wrote:I did some changes for testing purposes and a curious thing is that I'm using the same certificate on different servers and the error shows up in FTPRush v3 on some but not others, which tells me the EC is not the problem.
Version 3.2.6 has been released.
It supports direct FXP, enable it by tick "Option->FTP Protocol->Direct FXP".
bugreport
Posts: 69
Joined: Fri Jan 01, 2021 3:39 am

Re: glftpd connection problem

Post by bugreport »

Thank you for the info, I'll test it later.

The first browsing experience was awful, just give it a try on your end, press arrows UP and DOWN and check the results (it will endlessly run up and down), also Shift+End and Shift+Home still badly buggy. :(
Post Reply