Total Commander FTPS error=10050 on TLS only servers

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

Moderators: white, Hacker, petermad, Stefan2

Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

It doesn't seem so...
Look at the Filezilla authentication logs, made on the same FTP server:
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER xxxxxxxxxxxxx
Status: TLS/SSL connection established.
Response: 331 User xxxxxxxxxxxxx OK. Password required
Command: PASS ***************
Response: 230 OK. Current restricted directory is /
Total Commander fail right after 234 AUTH TLS OK.
It works perfectly well with SSLv3 enabled, so TC does something wrong with TLSv1.2 handling.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Maybe the installed openssl dlls do not support TLSv2? I'm not aware of any different functions to call for TLSv2, it should work immediately when using the current Openssl dlls.
Author of Total Commander
https://www.ghisler.com
Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

I have the OpenSSL-1.0.2f dlls.
How do you explain the fact that Filezilla works ?
It must be some differences...

I can give you all the inputs that you need to identify the cause.
Please help me, help US. :)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Does FileZilla use OpenSSL, or its own implementation of SSL?
Author of Total Commander
https://www.ghisler.com
Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

Filezilla can connect without the ssleay32.dll and libeay32.dll, so it has its own implementation I guess...
This is the list of dlls that the Filezilla executable is being linked against:
Name Description Company Name Path
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000033.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000033.db
{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation C:\Windows\System32\advapi32.dll
BCP47Langs.dll BCP47 Language Classes Microsoft Corporation C:\Windows\System32\BCP47Langs.dll
bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcrypt.dll
bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcryptprimitives.dll
C_1255.NLS C:\Windows\System32\C_1255.NLS
cfgmgr32.dll Configuration Manager DLL Microsoft Corporation C:\Windows\System32\cfgmgr32.dll
clbcatq.dll COM+ Configuration Catalog Microsoft Corporation C:\Windows\System32\clbcatq.dll
combase.dll Microsoft COM for Windows Microsoft Corporation C:\Windows\System32\combase.dll
comctl32.dll User Experience Controls Library Microsoft Corporation C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll
comdlg32.dll Common Dialogs DLL Microsoft Corporation C:\Windows\System32\comdlg32.dll
crypt32.dll Crypto API32 Microsoft Corporation C:\Windows\System32\crypt32.dll
cryptbase.dll Base cryptographic API DLL Microsoft Corporation C:\Windows\System32\cryptbase.dll
cryptsp.dll Cryptographic Service Provider API Microsoft Corporation C:\Windows\System32\cryptsp.dll
cscapi.dll Offline Files Win32 API Microsoft Corporation C:\Windows\System32\cscapi.dll
cversions.2.db C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
cversions.2.db C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
davclnt.dll Web DAV Client DLL Microsoft Corporation C:\Windows\System32\davclnt.dll
davhlpr.dll DAV Helper DLL Microsoft Corporation C:\Windows\System32\davhlpr.dll
devobj.dll Device Information Set DLL Microsoft Corporation C:\Windows\System32\devobj.dll
dnsapi.dll DNS Client API DLL Microsoft Corporation C:\Windows\System32\dnsapi.dll
drprov.dll Microsoft Remote Desktop Session Host Server Network Provider Microsoft Corporation C:\Windows\System32\drprov.dll
dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation C:\Windows\System32\dwmapi.dll
filezilla.exe FileZilla FTP Client FileZilla Project C:\Users\andre_000\Desktop\FileZilla_3.15.0.1_win64\FileZilla-3.15.0.1\filezilla.exe
FWPUCLNT.DLL FWP/IPsec User-Mode API Microsoft Corporation C:\Windows\System32\FWPUCLNT.DLL
gdi32.dll GDI Client DLL Microsoft Corporation C:\Windows\System32\gdi32.dll
globinputhost.dll Windows Globalization Extension API for Input Microsoft Corporation C:\Windows\System32\globinputhost.dll
iconcache_16.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
iconcache_16.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
iconcache_16.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
iconcache_32.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
iconcache_32.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
iconcache_idx.db C:\Users\andre_000\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation C:\Windows\System32\imm32.dll
IPHLPAPI.DLL IP Helper API Microsoft Corporation C:\Windows\System32\IPHLPAPI.DLL
kernel.appcore.dll AppModel API Host Microsoft Corporation C:\Windows\System32\kernel.appcore.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation C:\Windows\System32\kernel32.dll
KernelBase.dll Windows NT BASE API Client DLL Microsoft Corporation C:\Windows\System32\KernelBase.dll
locale.nls C:\Windows\System32\locale.nls
mpr.dll Multiple Provider Router DLL Microsoft Corporation C:\Windows\System32\mpr.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation C:\Windows\System32\msasn1.dll
msctf.dll MSCTF Server DLL Microsoft Corporation C:\Windows\System32\msctf.dll
msftedit.dll Rich Text Edit Control, v7.5 Microsoft Corporation C:\Windows\System32\msftedit.dll
msimg32.dll GDIEXT Client DLL Microsoft Corporation C:\Windows\System32\msimg32.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation C:\Windows\System32\msvcrt.dll
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation C:\Windows\System32\mswsock.dll
ncrypt.dll Windows NCrypt Router Microsoft Corporation C:\Windows\System32\ncrypt.dll
netapi32.dll Net Win32 API DLL Microsoft Corporation C:\Windows\System32\netapi32.dll
netutils.dll Net Win32 API Helpers DLL Microsoft Corporation C:\Windows\System32\netutils.dll
normaliz.dll Unicode Normalization DLL Microsoft Corporation C:\Windows\System32\normaliz.dll
nsi.dll NSI User-mode interface DLL Microsoft Corporation C:\Windows\System32\nsi.dll
ntasn1.dll Microsoft ASN.1 API Microsoft Corporation C:\Windows\System32\ntasn1.dll
ntdll.dll NT Layer DLL Microsoft Corporation C:\Windows\System32\ntdll.dll
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation C:\Windows\System32\ntlanman.dll
ntmarta.dll Windows NT MARTA provider Microsoft Corporation C:\Windows\System32\ntmarta.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation C:\Windows\System32\ole32.dll
oleaut32.dll Microsoft Corporation C:\Windows\System32\oleaut32.dll
powrprof.dll Power Profile Helper DLL Microsoft Corporation C:\Windows\System32\powrprof.dll
profapi.dll User Profile Basic API Microsoft Corporation C:\Windows\System32\profapi.dll
propsys.dll Microsoft Property System Microsoft Corporation C:\Windows\System32\propsys.dll
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation C:\Windows\System32\rasadhlp.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation C:\Windows\System32\rpcrt4.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation C:\Windows\System32\rsaenh.dll
sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation C:\Windows\System32\sechost.dll
setupapi.dll Windows Setup API Microsoft Corporation C:\Windows\System32\setupapi.dll
SHCore.dll SHCORE Microsoft Corporation C:\Windows\System32\SHCore.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation C:\Windows\System32\shell32.dll
shell32.dll.mui Windows Shell Common Dll Microsoft Corporation C:\Windows\System32\en-US\shell32.dll.mui
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation C:\Windows\System32\shlwapi.dll
SortDefault.nls C:\Windows\Globalization\Sorting\SortDefault.nls
srvcli.dll Server Service Client DLL Microsoft Corporation C:\Windows\System32\srvcli.dll
StaticCache.dat C:\Windows\Fonts\StaticCache.dat
thumbcache.dll Microsoft Thumbnail Cache Microsoft Corporation C:\Windows\System32\thumbcache.dll
tv_x64.dll TeamViewer 11 TeamViewer GmbH C:\Utils\TeamViewer\tv_x64.dll
user32.dll Multi-User Windows USER API Client DLL Microsoft Corporation C:\Windows\System32\user32.dll
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation C:\Windows\System32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation C:\Windows\System32\version.dll
Windows.Globalization.dll Windows Globalization Microsoft Corporation C:\Windows\System32\Windows.Globalization.dll
WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation C:\Windows\System32\WindowsCodecs.dll
winmm.dll MCI API DLL Microsoft Corporation C:\Windows\System32\winmm.dll
winmmbase.dll Base Multimedia Extension API DLL Microsoft Corporation C:\Windows\System32\winmmbase.dll
winnsi.dll Network Store Information RPC interface Microsoft Corporation C:\Windows\System32\winnsi.dll
winsta.dll Winstation Library Microsoft Corporation C:\Windows\System32\winsta.dll
wkscli.dll Workstation Service Client DLL Microsoft Corporation C:\Windows\System32\wkscli.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation C:\Windows\System32\ws2_32.dll
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation C:\Windows\System32\wsock32.dll


Note that even with Filezilla, I can connect only with ftpes:// prefix (explicit).
The following is a quote from Filezilla wiki page:
FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

I found something on Stackoverflow:
http://stackoverflow.com/questions/30894057/ssleay32-dll-does-not-export-tls-method

I will try the suggestions there. If you want to test a pre-release version, then please contact me by e-mail.
Author of Total Commander
https://www.ghisler.com
Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

E-mail sent. :)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Beta sent. :)
Author of Total Commander
https://www.ghisler.com
Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

It's working !

Here are the TC logs:
Connect to: (15-02-2016 12:39:49)
hostname=xxx
username=xxx
startdir=
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 12:39. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Method: TLSv1.2
Cert subject: xxx
Cert issuer: xxx
USER xxx
331 User xxx OK. Password required
PASS ***********
230 OK. Current restricted directory is /
And here are the server logs:
Feb 15 12:39:49 pure-ftpd: [INFO] New connection from xxx
Feb 15 12:39:49 pure-ftpd: [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Feb 15 12:39:50 pure-ftpd: [INFO] xxx is now logged in
Feb 15 12:39:50 pure-ftpd: [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Thank you Chris ! :)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Thanks for testing! I will include this in TC9. But as you told me by e-mail, it doesn't work with the openssl dlls in LibCurl, so we will have to find a different solution for openssl+openssh dlls.
Author of Total Commander
https://www.ghisler.com
Raziel
Junior Member
Junior Member
Posts: 8
Joined: 2016-01-27, 19:34 UTC
Location: Bucharest, Romania

Post by *Raziel »

Everyone should stay up-to-date with OpenSSL libraries, so users can download those themselves from https://wiki.openssl.org/index.php/Binaries .
AMD
New Member
New Member
Posts: 1
Joined: 2016-08-29, 09:45 UTC

Hi, i am have same problem!

Post by *AMD »

Hi, i am have same problem!

Please send me correct libeay32.dll and libssl32.dll!!!!

My e-mail ptalex75@mail.ru
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Author of Total Commander
https://www.ghisler.com
User avatar
Guillaume
Junior Member
Junior Member
Posts: 90
Joined: 2003-04-08, 16:51 UTC

Post by *Guillaume »

Why not 1.0.2h?
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

I linked the ones I tested. You may be able to use the newer ones too, but they definitely don't work with TC 8.5x due to some missing functions.
Author of Total Commander
https://www.ghisler.com
Post Reply