FTP TLS/SSL Handshake/negotiation.  
by Marcus Lundberg
posted on 2003/10/26

Hi,

I am trying to use the Mentalis secure lib instead of the OpenSSL lib. However, I am not quite sure it is supported, or how I can make the Mentalis seclib support it.

After getting the answer from the "AUTH TLS" (or SSL) I issue the Mentalis ChangeSecurityProtocol function with the following options:

o.Protocol = SecureProtocol.Tls1;
o.Certificate = null;
o.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
o.VerificationType = CredentialVerification.None;
o.Verifier = null;
o.Flags = SecurityFlags.Default;

After that I hoped that the handshaking would be dealt with; I tried manual verification as well. But I only get:
Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.

I am wondering if it's not yet supported, or if I have to learn about the encryption schemes and do the handshake and/or the negotiation myself.

I also tried the above with the SMTP example ( but adjusting it for the FTP protocol :), and same thing.

Thank you for your time and for what seems like a promising library.

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/26

Since you're not the first to ask about implementing the AUTH command, I decided to add a new example to the Security Library. Download the latest version [http://www.mentalis.org/soft/projects/seclib/download.qpx] and look for the FtpClient example under the Samples\SSL\FtpClient directory.

by Marcus Lundberg
posted on 2003/10/27

Thank you for the quick response to my post.

However I did a quick compile and test of the sample and it still gives me the ClientHello error.

Regards

Marcus.

"
234 AUTH TLS successful
Org.Mentalis.Security.SecurityException:
An error occurs while communicating with the remote host. ---> org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.
at Org.Mentalis.Security.Ssl.Shared.CompatibilityLayer.ProcessServerHello(Byte[] bytes, Int32 offset, Int32 size)
"

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/27

Have you tried the example project with the example url it shows in the console [ftp.ipswitch.com]? Does that work? I've tried the example with several servers and all of them worked...

What server are you using? You're sure that it supports SSL3 and/or TLS1 right? [if you've only enabled SSL2, you may get the exception you're seeing]

by Marcus Lundberg
posted on 2003/10/27

Hello again,

I think I am a bit embarrassed, I checked the connection's authentication with ipswitch and this other server to see why I couldn't connect. Apparently I need to do DSS authentication, so I guess I am stuck with OpenSSL for now, unless I have missed something.

Thank you for your time, and keep up the good work with the lib.

Regards

Marcus

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/27

The DSS schemes all require a Diffie-Hellman key-exchange and this is not yet supported. So yes, I'm afraid you're stuck with OpenSSL for now.
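
Added example, not part of the thread or of the Mentalis library: a small Python classifier for the first bytes a server sends back after the ClientHello, separating the cases raised above (an SSL 2.0 reply, a TLS alert, or a ServerHello that selects a DSS cipher suite). The function name and the sample byte strings are constructed for illustration; real input would be the raw bytes read from the socket right after "234 AUTH TLS successful" and the ClientHello.

```python
import struct

VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}
ALERTS = {40: "handshake_failure", 70: "protocol_version",
          71: "insufficient_security"}
# A few cipher suite IDs, enough to show which key exchange the server picked.
SUITES = {0x0004: "RSA_WITH_RC4_128_MD5", 0x0005: "RSA_WITH_RC4_128_SHA",
          0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
          0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA"}

def classify_first_record(data: bytes) -> str:
    """Describe the first bytes a server returns after the ClientHello."""
    if len(data) < 5:
        return "truncated"
    # SSL 2.0: 2-byte header with the high bit set, then a message type.
    if data[0] & 0x80:
        kind = {0: "ERROR", 4: "SERVER-HELLO"}.get(data[2], "unknown message")
        return f"SSL 2.0 {kind}"
    ctype, major, minor = data[0], data[1], data[2]
    if major != 3 or ctype not in (21, 22):
        return "not an SSL/TLS record"
    version = VERSIONS.get((major, minor), f"version 3.{minor}")
    (length,) = struct.unpack(">H", data[3:5])
    body = data[5:5 + length]
    if ctype == 21:  # alert record: level(1) description(1)
        if len(body) < 2:
            return "truncated"
        level = {1: "warning", 2: "fatal"}.get(body[0], "unknown")
        return f"{version} alert: {level} {ALERTS.get(body[1], body[1])}"
    # Handshake: type(1) length(3) version(2) random(32) sid_len(1) sid suite(2)
    if len(body) < 39 or body[0] != 2:
        return f"{version} handshake, not a complete ServerHello"
    chosen = VERSIONS.get((body[4], body[5]), f"version {body[4]}.{body[5]}")
    suite_at = 39 + body[38]
    if len(body) < suite_at + 2:
        return "truncated"
    (suite,) = struct.unpack(">H", body[suite_at:suite_at + 2])
    return f"{chosen} ServerHello, suite {SUITES.get(suite, hex(suite))}"

# Constructed sample inputs (not captured from any real server).
SAMPLE_ALERT = bytes([21, 3, 1, 0, 2, 2, 40])
SAMPLE_SSL2 = bytes([0x80, 0x0B, 4, 0, 1, 0, 2, 0, 0, 0, 0, 0, 0])
SAMPLE_HELLO = (bytes([22, 3, 1, 0, 42, 2, 0, 0, 38, 3, 1]) + bytes(32)
                + bytes([0, 0x00, 0x13, 0]))

if __name__ == "__main__":
    for sample in (SAMPLE_ALERT, SAMPLE_SSL2, SAMPLE_HELLO):
        print(classify_first_record(sample))
```
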

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/