FTP TLS/SSL Handshake/negotiation.

by Marcus Lundberg posted on 2003/10/26

Hi,
I am trying to use Mentalis secure lib instead of the OpenSSL lib. However I am not quite sure it is supported, or how I can make the Mentalis seclib to support it.
After getting the answer from the "AUTH TLS" ( or SSL ) I issue the Mentalis
ChangeSecurityProtocol function with the following options:
o.Protocol = SecureProtocol.Tls1;
o.Certificate = null;
o.AllowedAlgorithms = SslAlgorithms.SECURE_CIPHERS;
o.VerificationType = CredentialVerification.None;
o.Verifier = null;
o.flags = SecurityFlags.Default;
After that I hoped that the handshaking would be dealt with, I tried manual verification as well. But I only get:
Org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.
I am wondering if it's not yet supported. Or if I have to learn about the encryption schemes and do the handshake
and/or the negotiation myself.
I also tried the above with the SMTP example ( but adjusting it for the FTP protocol :), and same thing.
Thanks for your time and for what seems like a promising library.

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/26

Since you're not the first to ask about implementing the AUTH command, I decided to add a new example to the Security Library. Download the latest version [http://www.mentalis.org/soft/projects/seclib/download.qpx] and look for the FtpClient example under the Samples\SSL\FtpClient directory.

by Marcus Lundberg posted on 2003/10/27

Thank you for the quick response to my post.
However I did a quick compile and test of the sample and it still gives me the ClientHello error.
Regards
Marcus.
"
234 AUTH TLS successful
Org.Mentalis.Security.SecurityException:
An error occurs while communicating with the remote host. ---> org.Mentalis.Security.Ssl.Shared.SslException: The server hello message uses a protocol that was not recognized.
at Org.Mentalis.Security.Ssl.Shared.CompatibilityLayer.ProcessServerHello(Byte[] bytes, Int32 offset, Int32 size)
"

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/27

Have you tried the example project with the example url it shows in the console [ftp.ipswitch.com]? Does that work? I've tried the example with several servers and all of them worked...
What server are you using? You're sure that it supports SSL3 and/or TLS1 right? [if you've only enabled SSL2, you may get the exception you're seeing]

by Marcus Lundberg posted on 2003/10/27

Hello again,
I think I am a bit embarrassed, I checked the connections
authentication with ipswitch and this other server to see why I couldn't connect. Apparently I need to do DSS authentication, so I guess I am stuck with OpenSSL for now, unless I have missed something.
Thank you for your time, and keep up the good work with the lib.
Regards
Marcus

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/27

The DSS schemes all require a Diffie-Hellman key-exchange and this is not yet supported. So yes, I'm afraid you're stuck with OpenSSL for now.
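To see for yourself which protocol version and cipher suite a server picked in the ServerHello that follows "234 AUTH TLS successful" (the message ProcessServerHello rejected in the thread), here is an added Python example; it is not code from the thread or from the Mentalis Security Library. It parses one TLS record carrying a ServerHello and flags suites that need a Diffie-Hellman key exchange or DSS authentication; the cipher-suite table is a small subset of the IANA registry chosen for this example, and the ServerHello bytes are constructed by the example itself rather than captured from a server.

```python
import struct

# Subset of IANA cipher-suite codes from the SSL3/TLS1 era (example selection, not the full registry).
CIPHER_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}
VERSIONS = {0x0300: "SSL3", 0x0301: "TLS1"}


def parse_server_hello(record: bytes) -> dict:
    """Parse a TLS record (type 0x16) carrying a ServerHello (handshake type 0x02)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # ServerHello layout: version(2) random(32) session_id_len(1) session_id cipher_suite(2) compression(1)
    if len(hello) < 35:
        raise ValueError("ServerHello truncated")
    version = struct.unpack("!H", hello[0:2])[0]
    pos = 35 + hello[34]
    if len(hello) < pos + 3:
        raise ValueError("ServerHello truncated")
    suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    name = CIPHER_SUITES.get(suite, "unknown_0x%04x" % suite)
    return {
        "version": VERSIONS.get(version, "unknown_0x%04x" % version),
        "cipher_suite": name,
        "needs_dh": name.startswith("TLS_DHE_"),   # needs a Diffie-Hellman key exchange
        "dss_auth": "_DSS_" in name,               # server authenticates with a DSS certificate
    }


def build_server_hello(version: int, suite: int) -> bytes:
    """Construct a minimal ServerHello record as a test fixture (zero random, empty session id)."""
    hello = struct.pack("!H", version) + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    print(parse_server_hello(build_server_hello(0x0301, 0x0013)))
```

On a live connection the same bytes can be read from the control socket right after the 234 reply, before handing the socket to the TLS layer.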