
Posted: 2012-01-22, 21:18 UTC
by Sob
Well, that shows another possibility. As the author himself says it's not tested, maybe he's doing that "lite" version of SSL shutdown. And IIS (where it works) may be just more tolerant. At least we have now found enough different server software to test with.

Posted: 2012-01-23, 14:52 UTC
by ghisler(Author)
Indeed, TC doesn't shut down the SSL connection, it just clears the control channel. This works fine with some servers, but not with all. Calling SSL_Shutdown followed by a loop of SSL_read calls seems to fix the problem. I will add it to beta 18.

Posted: 2012-01-23, 15:35 UTC
by gulikoza
Thanks for looking into this :D

Posted: 2012-02-03, 14:02 UTC
by gulikoza
Just tested beta18 and it seems to correctly shut down TLS on the control channel now. But it fails to build the data connection. The (ftp) logs show:

starting TLS negotiation on data connection

but it does not complete. Without sending CCC, the connection will succeed (of course only if there's no NAT between the client and the server) so pure SSL/TLS works. Is there anything I can try to check on my end?

edit: tested both passive and active mode.

Posted: 2012-02-03, 14:06 UTC
by ghisler(Author)
TC doesn't support encrypted data connections together with unencrypted control connections, sorry. Try sending the command:
PROT C

Posted: 2012-02-03, 17:03 UTC
by gulikoza
It works.
Any chance of adding support for encrypted data connections as well? :D

Posted: 2012-02-05, 15:25 UTC
by ghisler(Author)
I will consider it. May I still use your test account to test it?

Posted: 2012-02-05, 15:34 UTC
by gulikoza
Certainly :D

Posted: 2012-02-12, 16:31 UTC
by gulikoza
SSL/TLS now works correctly with CCC (and across NAT) while preserving data & authentication encryption in TC8b19. Thanks :)

2Sob
Perhaps you could test IIS and Gene6 FTP just to be sure? I could only test Proftpd :)
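
The protection states discussed in the posts above (AUTH TLS, PROT P / PROT C, CCC), as an added example that is not part of the thread and not Total Commander's code: a small Python auditor that walks an FTPS command transcript and reports what ends up encrypted. The function name `audit`, the reply codes (taken from RFC 4217 conventions) and the sample sessions are assumptions constructed for illustration.

```python
# Added example: track FTPS protection state over a client command transcript.
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}
ADDR_CMDS = {"PASV", "EPSV", "PORT", "EPRT"}

def audit(transcript):
    """transcript: list of (client_command, first_server_reply_code).
    Returns a list of (verb, finding) tuples."""
    control_tls = False  # is the control channel currently inside TLS?
    prot = "C"           # data protection level; the default is Clear
    findings = []
    for line, code in transcript:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        ok = code < 400  # 1xx/2xx/3xx: the server accepted the command
        if verb in ("USER", "PASS") and not control_tls:
            findings.append((verb, "credentials sent in cleartext"))
        elif verb in ADDR_CMDS and ok:
            vis = "hidden from" if control_tls else "readable by"
            findings.append((verb, f"data address {vis} NAT/firewall"))
        elif verb in DATA_CMDS and ok:
            state = "TLS" if prot == "P" else "cleartext"
            findings.append((verb, f"data connection {state}"))
        # State only changes once the server has accepted the command.
        if verb == "AUTH" and code == 234:
            control_tls = True
        elif verb == "PROT" and code == 200:
            prot = arg.strip().upper()
        elif verb == "CCC" and code == 200:
            # Both sides shut TLS down on the control channel;
            # the PROT level negotiated earlier stays in force.
            control_tls = False
    return findings

# Constructed sample sessions (not captured from a real server).
LOGIN = [("AUTH TLS", 234), ("USER demo", 331), ("PASS demo", 230),
         ("PBSZ 0", 200)]
# Encrypted login and data, clear control channel afterwards (CCC).
CCC_PROT_P = LOGIN + [("PROT P", 200), ("CCC", 200),
                      ("PASV", 227), ("LIST", 150)]
# The "PROT C" workaround: login is still encrypted, data is not.
CCC_PROT_C = LOGIN + [("PROT C", 200), ("CCC", 200),
                      ("PASV", 227), ("LIST", 150)]

if __name__ == "__main__":
    for name, session in (("PROT P", CCC_PROT_P), ("PROT C", CCC_PROT_C)):
        print(name, audit(session))
```
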

Posted: 2012-02-13, 00:39 UTC
by Sob
Tested and they both work fine.

Posted: 2012-02-13, 16:02 UTC
by ghisler(Author)
Thanks for testing it!

Posted: 2012-07-28, 08:34 UTC
by gezgin
ghisler(Author) wrote: First, try to find out whether it's a server problem, or on your side. Try to connect anonymously to our forum server:
ftps://ghisler.ch/
When I try to connect to ftps://ghisler.ch with TC (control-F) I get a "Connect call failed" error.
I have these files installed:
c:\totalcmd\libeay32.dll
c:\totalcmd\libssl32.dll
c:\totalcmd\rootcert.pem

What should I use as "User name" and "Password"? I've tried several things including leaving them blank. I get the same error.

What am I doing wrong?
--
Bob

Posted: 2012-07-28, 14:00 UTC
by Sob
ftps://ghisler.ch does not seem to work any more. Try ftps://test:test@ftp.secureftp-test.com.

Posted: 2012-07-29, 12:02 UTC
by gezgin
Sob wrote: ftps://ghisler.ch does not seem to work any more. Try ftps://test:test@ftp.secureftp-test.com.
Thanks for the link. I was able to make the connection and I've also solved the problem of being unable to FTPS to Yahoo Hosting as well.
--
Bob

Posted: 2012-09-18, 03:28 UTC
by yoshin
Question

Can someone explain in detail how to actually enter those commands?
Command line? Where?

9. Issue the following two commands to convert to openssl format:

openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem