Total Commander FTPS error=10050 on TLS only servers
onidlo2
Junior Member
Joined: 23 Oct 2015
Posts: 5

Posted: Mon Oct 26, 2015 8:09 am

Unfortunately, I don't know how to add support for TLS1.1. But it seems that you are right; this is a list of supported protocols from my server:

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)

$ openssl ciphers -v | grep TLSv1.1
(returns nothing)
$ openssl ciphers -v | grep TLSv1.2
(returns a lot of ciphers)

This is the default setup for all Debian Jessie installations.

As far as I know, OpenSSL has supported TLS 1.2 since version 1.0.1c. Is it possible to update Total Commander to support TLSv1.2 too?
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Thu Oct 29, 2015 5:01 am

You will have to find a precompiled OpenSSL dll with TLSv1.2 built in, or recompile the sources from OpenSSL.org yourself.
_________________
Author of Total Commander
http://www.ghisler.com
onidlo2
Junior Member
Joined: 23 Oct 2015
Posts: 5

Posted: Thu Oct 29, 2015 6:55 am

Hi,

I already use OpenSSL 1.0.2d, which supports TLSv1_2. I tried DLLs from:
- https://slproweb.com/products/Win32OpenSSL.html
- https://indy.fulgan.com/SSL/

None of them works with Total Commander and TLSv1_2. Still the same result: "OFFLINE, error=10050" just after USER command.

I checked both DLLs (win openssl.exe provided by slproweb.com) and both of them support TLSv1_2.

WinSCP shows a screen where I have to confirm the self-signed certificate, then it connects and everything runs great. But I like Total Commander and I would like to use it for FTPS too ;-))

Image: http://www.vitaj.sk/WinSCP-screen.png
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Mon Nov 02, 2015 4:42 am

It's not a certificate error, TC also accepts self-signed certificates. But maybe the certificate has expired?
_________________
Author of Total Commander
http://www.ghisler.com
Guillaume
Junior Member
Joined: 08 Apr 2003
Posts: 69

Posted: Mon Nov 02, 2015 8:32 am

I had the same OFFLINE, error=10050 thing with vsFTPd.

1) For me the solution was not really a logical one, but I had to include
Code:
ssl_ciphers=HIGH

in its configuration file.
Quote:
ssl_ciphers
This option can be used to select which SSL ciphers vsftpd will allow for encrypted SSL connections. See the ciphers man page for further details. Note that restricting ciphers can be a useful security precaution as it prevents malicious remote parties forcing a cipher which they have found problems with.


Hope it's worth anything and can get you on the right track.

2) Another occasion was when I made the chroot directory of the user that logged on writable (which vsFTPd doesn't allow). It wanted to send an ordinary message about this problem, but when the connection is implicitly secured, the message itself is not readable. TC gives you the SSL_get_error, while FileZilla says something like "unexpected TLS packet received".

I'm well aware that this is another server altogether, but it might help you in the right direction somehow. Disclaimer: I read the whole topic a while ago, much has happened since, so I might not exactly be spot on here :P
onidlo2
Junior Member
Joined: 23 Oct 2015
Posts: 5

Posted: Thu Nov 05, 2015 7:42 am

ghisler(Author) wrote:
It's not a certificate error, TC also accepts self-signed certificates. But maybe the certificate has expired?


Hi ghisler!
No, the certificate is OK. I can give you access to the server, if you can debug it...
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Thu Nov 05, 2015 8:00 am

2onidlo2 Could you try user Guillaume's suggestions to fix it? It looks like the server is only offering codecs not supported by OpenSSL.
_________________
Author of Total Commander
http://www.ghisler.com
Nakata
Junior Member
Joined: 05 Nov 2015
Posts: 2

Posted: Thu Nov 05, 2015 8:02 am    Subject: Same problem

The same problem happened to me after updating from Debian Wheezy to Debian Jessie. Using pureFTPD.
Nakata
Junior Member
Joined: 05 Nov 2015
Posts: 2

Posted: Thu Nov 05, 2015 8:09 am    Subject: Quick solution

The only solution seems to be to enable SSL (vulnerable to the POODLE attack). Delete the file /etc/pure-ftpd/conf/TLSCipherSuite and restart pureFTPD.

Your file TLSCipherSuite probably contains ALL:!aNULL:!SSLv3, which means SSL v3 is disabled.

---
Question is, is this really a problem of OpenSSL? FileZilla also uses OpenSSL, and the TLS connection to pureFTPD works OK.
onidlo2
Junior Member
Joined: 23 Oct 2015
Posts: 5

Posted: Sat Nov 07, 2015 3:03 pm    Subject: Re: Quick solution

Hi there,

Thank you Nakata, I changed /etc/pure-ftpd/conf/TLSCipherSuite from "ALL:!aNULL:!SSLv3" to "ALL:!aNULL" and now TC can connect. This change means that all SSL version 3.0 ciphers are enabled.

Nakata wrote:
Question is, is this really a problem of OpenSSL? FileZilla also uses OpenSSL, and the TLS connection to pureFTPD works OK.


I have the latest OpenSSL libraries and therefore I think it is a problem of TC, not OpenSSL.

Regards,
Ondrej
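An added example, not part of the original posts: a small model of what the "!SSLv3" term changed in the cipher string above. In an OpenSSL cipher string, SSLv3 and TLSv1.2 select cipher suites by the protocol version that introduced them (the second column of "openssl ciphers -v"), so the sketch filters on that column. The sample lines are constructed in the OpenSSL 1.0.x output format and abridged; the function names are hypothetical.

```python
# Added example: model of the version column in `openssl ciphers -v` output.
# The label is the protocol version that introduced the suite, i.e. the
# lowest version a connection needs in order to use it.
VERSION_ORDER = {"SSLv3": 0, "TLSv1": 1, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Constructed, abridged sample of what "ALL:!aNULL" lists (OpenSSL 1.0.x format).
ALL_NOT_ANULL = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA256               TLSv1.2 Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA256
ECDHE-RSA-AES256-SHA        SSLv3   Kx=ECDH Au=RSA Enc=AES(256)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
"""


def parse_ciphers(text):
    """Return [(suite_name, version_label)] from `openssl ciphers -v` text."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] in VERSION_ORDER:
            suites.append((fields[0], fields[1]))
    return suites


def exclude_label(suites, label):
    """Model of a "!LABEL" term: drop every suite introduced in that version."""
    return [s for s in suites if s[1] != label]


def usable_by(suites, client_max):
    """Names of the suites a client can negotiate if client_max is its highest protocol."""
    limit = VERSION_ORDER[client_max]
    return [name for name, label in suites if VERSION_ORDER[label] <= limit]


if __name__ == "__main__":
    everything = parse_ciphers(ALL_NOT_ANULL)
    tls12_only = exclude_label(everything, "SSLv3")  # models "ALL:!aNULL:!SSLv3"
    for client in ("TLSv1", "TLSv1.2"):
        print(client, "vs ALL:!aNULL:!SSLv3 ->", usable_by(tls12_only, client))
        print(client, "vs ALL:!aNULL        ->", usable_by(everything, client))
```

The suites labelled SSLv3 are the same ones TLS 1.0 and TLS 1.1 connections use, so the cipher list alone does not show which protocol versions the server accepts; that has to be checked separately.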
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Mon Nov 09, 2015 3:51 am

Could you send me the name of your server? I don't even need a login user+password, since the problem occurs before logging in.
_________________
Author of Total Commander
http://www.ghisler.com
Raziel
Junior Member
Joined: 27 Jan 2016
Posts: 8
Location: Bucharest, Romania

Posted: Wed Jan 27, 2016 1:48 pm

It sure is a problem of TC. It doesn't know how to handle TLSv1.2 with "explicit FTP over TLS" connections properly.
When trying to connect to my secured FTP server, it returns:
Code:
[WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Thu Jan 28, 2016 4:39 am

Are you sure you are using explicit FTP over TLS? Explicit means that TC connects in clear text, then sends command
AUTH TLS
and then starts the TLS session.

If it does indeed use explicit mode, then please let me know which command causes this error (see ftp log, Configuration - Options - FTP - Log file).
_________________
Author of Total Commander
http://www.ghisler.com
Raziel
Junior Member
Joined: 27 Jan 2016
Posts: 8
Location: Bucharest, Romania

Posted: Thu Jan 28, 2016 6:10 am

Here is the FTP log:
Quote:
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 50 allowed.
220-Local time is now 14:06. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER xxxxxx
OFFLINE7, error=0


And the response on the server-side:
Quote:
[WARNING] Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms.
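An added example, not part of the original posts: a log reader that reports at which stage of the explicit FTP over TLS sequence described above (clear-text connect, AUTH TLS, 234 reply, TLS session) a session stopped. The sample log is constructed in the format of the client log quoted above; the function and stage names are hypothetical.

```python
import re

# Constructed sample in the format of the client log quoted in the post above.
SAMPLE_LOG = """\
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 50 allowed.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER xxxxxx
OFFLINE7, error=0
"""

REPLY = re.compile(r"^(\d{3})([ -])")              # "220-" continues, "220 " ends a reply
OFFLINE = re.compile(r"^OFFLINE\d*, error=(\d+)")  # client-side disconnect marker


def failure_stage(log_text):
    """Classify where an explicit-FTPS session stopped (stage names are hypothetical)."""
    auth_sent = tls_accepted = reply_over_tls = False
    for line in log_text.splitlines():
        dropped = OFFLINE.match(line)
        reply = REPLY.match(line)
        if dropped:
            detail = "error=" + dropped.group(1)
            if tls_accepted and not reply_over_tls:
                # 234 was received, but nothing came back on the upgraded channel.
                return ("tls-negotiation", detail)
            return ("after-tls" if reply_over_tls else "before-tls", detail)
        if reply:
            code, sep = reply.groups()
            if sep == "-":
                continue                      # continuation of a multi-line reply
            if auth_sent and not tls_accepted:
                if code != "234":
                    return ("auth-rejected", code)
                tls_accepted = True
            elif tls_accepted:
                reply_over_tls = True
        elif line.upper().startswith(("AUTH TLS", "AUTH SSL")):
            auth_sent = True
        elif line.upper().startswith(("USER ", "PASS ")) and not tls_accepted:
            return ("cleartext-login", line.split()[0])
    return ("no-failure", "")


if __name__ == "__main__":
    print(failure_stage(SAMPLE_LOG))
```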
ghisler(Author)
Site Admin
Joined: 04 Feb 2003
Posts: 34340
Location: Switzerland

Posted: Mon Feb 01, 2016 5:08 am

???
After AUTH TLS, a secure connection is established.
_________________
Author of Total Commander
http://www.ghisler.com
All times are GMT - 6 Hours
Impressum: This site is maintained by Ghisler Software GmbH
