This forum uses cookies. Click X button to hide this message. What is stored? 
Total Commander Forum Index Total Commander
Forum - Public Discussion and Support
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Total Commander FTPS error=10050 on TLS only servers
Goto page 1, 2, 3, 4  Next
 
Post new topic   Reply to topic    Total Commander Forum Index -> TC Behaviour which will not be changed Printable version
View previous topic :: View next topic  
Author Message
Spacedust
Junior Member
Junior Member


Joined: 16 Nov 2014
Posts: 2

PostPosted: Sun Nov 16, 2014 1:23 pm    Post subject: Total Commander FTPS error=10050 on TLS only servers Reply with quote

I'm trying to connect to my dedicated servers using FTPS.

Since discovering the Poodlebleed Bug I had to disable SSL support on my server and use TLS only.

Now when I try to use FTPS I got such error:

Code:
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 5000 allowed.
220-Local time is now 20:18. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER admin2
OFFLINE7, error=10050


If using WinSCP and TLS only mode then I'm able to connect.[/code]
Back to top
View user's profile Send private message
sqa_wizard
Power Member
Power Member


Joined: 06 Feb 2003
Posts: 3297
Location: Germany

PostPosted: Sun Nov 16, 2014 3:56 pm    Post subject: Reply with quote

Quote:
OFFLINE7, error=10050

May this is related to the used password, which has a special letter.
Check to use another password without this letter.
(e.g. "$" is a suspicious one)
_________________
#5767 Personal license
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Mon Nov 17, 2014 7:41 am    Post subject: Reply with quote

This is odd, error 10050 is defined as follows:
WSAENETDOWN 10050 - Network is down. A socket operation encountered a dead network. This could indicate a serious failure of the network system (that is, the protocol stack that the Windows Sockets DLL runs over), the network interface, or the local network itself.

It could be a firewall blocking the sending of the password.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Spacedust
Junior Member
Junior Member


Joined: 16 Nov 2014
Posts: 2

PostPosted: Wed Nov 19, 2014 12:09 pm    Post subject: Reply with quote

No firewall despite Windows one and no special letters in my password. It works just fine for normal FTP (without SSL).

Please note it happens right after typing username (admin) - even no password prompt is being shown.

My server options are like these:

Code:
service ftp
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/pure-ftpd
        server_args     = -A -c5000 -C8 -D -fftp  -H -I15 -lpuredb:/etc/pure-ftpd/pureftpd.pdb -lunix -L10000:8 -m4 -s -p30000:50000 -U133:022 -u100 -E -Oclf:/var/log/pureftpd.log -g/var/run/pure-ftpd.pid -k99 -Z -Y 1 -J HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
        groups          = yes
        flags           = REUSE
}
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Thu Nov 20, 2014 5:36 am    Post subject: Reply with quote

Could you create a read only test account for me? Just put a single text file in the root, so I can see whether the login worked or not.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
neil77
Junior Member
Junior Member


Joined: 17 Sep 2015
Posts: 4

PostPosted: Thu Sep 17, 2015 1:30 am    Post subject: Reply with quote

Debian GNU/Linux 8.1 (jessie):
cat /etc/pure-ftpd/conf/TLSCipherSuite
ALL:!aNULL:!SSLv3

with SSLv3 FTP is working and program will ask for a certificate
only example
rm /etc/pure-ftpd/conf/TLSCipherSuite
then pure-ftpd runs with default parameters (with SSL3 Confused)

I could create for you account for testing
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Thu Sep 17, 2015 3:22 am    Post subject: Reply with quote

2neil77
How does the FTP log from Total Commander look? You can enable it via Configuration - Options - FTP.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
neil77
Junior Member
Junior Member


Joined: 17 Sep 2015
Posts: 4

PostPosted: Thu Sep 17, 2015 8:09 am    Post subject: Reply with quote

----------
SSL: Libraries loaded OK! C:\Windows\system32\libeay32.dll
Connect to: (2015-09-17 16:08:19)
hostname=192.168.1.40
username=
startdir=
192.168.1.40=192.168.1.40
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 16:08. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER jacek
OFFLINE7, error=10050
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Thu Sep 17, 2015 8:34 am    Post subject: Reply with quote

It looks like the TLS handshake works (no error from openssl libraries), but you are immediately logged out by the server.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
neil77
Junior Member
Junior Member


Joined: 17 Sep 2015
Posts: 4

PostPosted: Thu Sep 17, 2015 10:57 am    Post subject: Reply with quote

TC:
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.

WINSCP : FTP+TLS_ONLY
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [user] [jacek]
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [pass] [<*>]
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [INFO] jacek is now logged in
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [syst] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [feat] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [opts] [UTF8 ON]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pbsz] [0]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [prot] [P]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pwd] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [cwd] [/]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pwd] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [type] [A]
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pasv] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [mlsd] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher

LOCAL:
$openssl s_client -starttls ftp -crlf -tls1_2 -connect localhost:21
CONNECTED(00000003)
depth=0 C = PL, ST = studio.foo.pl, O = studio.foo.pl, CN = studio.foo.pl
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = studio.foo.pl, O = studio.foo.pl, CN = studio.foo.pl
verify return:1
---
Certificate chain
0 s:/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
i:/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDlTCCAn2gAw___CUT___
-----END CERTIFICATE-----
subject=/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
issuer=/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
---
No client certificate CA names sent
---
SSL handshake has read 2104 bytes and written 495 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 8E35F5BF7EE56913B73CA47D962C5E9E51F7DF38EF480383B3900B9FC7854382
Session-ID-ctx:
Master-Key: E08AA99A37EC9E7877FF760FEBE1E347703EA919B6F7017365A6CEA3500A074646EF164F83F98C7B2688D9C6E3820396
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 15 f9 00 cd 1c cc 38 1f-d8 e9 80 95 a3 df 32 8d ......8.......2.
___CUT___
Start Time: 1442508838
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
220 You will be disconnected after 15 minutes of inactivity.
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Mon Sep 21, 2015 2:16 am    Post subject: Reply with quote

Quote:
Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.


Apparently the server does not support explicit SSL (AUTH TLS command), only implicit (direct SSL connection). Normally TC can recognize this automatically. Try setting it manually.

wcx_ftp.ini section of the connection, add
SpecialFlags=1
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
neil77
Junior Member
Junior Member


Joined: 17 Sep 2015
Posts: 4

PostPosted: Mon Sep 21, 2015 3:58 am    Post subject: SpecialFlags=1 Reply with quote

Connect to: (2015-09-21 11:54:41)
hostname=192.168.1.40
username=
startdir=
192.168.1.40=192.168.1.40
SSL_read returned -1, SSL_get_error=1


SERVER:
- Debian GNU/Linux 8.2 (jessie)
- pure-ftpd 1.0.36-3.2
$ cat /etc/pure-ftpd/conf/TLS
1
$ cat /etc/pure-ftpd/conf/TLSCipherSuite
ALL:!aNULL:!SSLv3

Of course with +SSLv3 TC is working...
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Fri Sep 25, 2015 2:28 am    Post subject: Reply with quote

SSL_get_error=1 is SSL_ERROR_SSL, which means some kind of error in SSL/TLS negotiation. TC would have to call ERR_get_error() to get more information on the specific SSL error. The error means that OpenSSL couldn't establish an SSL connection to your server, difficult to say what is wrong.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
onidlo2
Junior Member
Junior Member


Joined: 23 Oct 2015
Posts: 5

PostPosted: Fri Oct 23, 2015 1:28 pm    Post subject: Reply with quote

Hi!

I have the same problem. I cannot connect to PureFTPd server (after upgrading from Debian Wheezy to Jessie) from Total Commander.

I can connect from WinSCP or lftp (command line linux client). WinSCP asks me to confirm certificate, Total Commander does not.

Everything worked perfectly until I upgraded to latest Debian.
Do you know why?
Back to top
View user's profile Send private message
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Mon Oct 26, 2015 4:39 am    Post subject: Reply with quote

It could be due to the missing TLSv1.2 support in OpenSSL. If you can, allow TLSv1.1 on the server.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Total Commander Forum Index -> TC Behaviour which will not be changed All times are GMT - 6 Hours
Goto page 1, 2, 3, 4  Next
Page 1 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Impressum: This site is maintained by Ghisler Software GmbH

Using phpBB © 2001-2005 phpBB Group