08-18-2003, 03:01 AM
phrek
Proxy/TLS bug in latest -- 2.1 (924)

I have found a bug with the handling of proxy/tls listings in flash. It doesn't seem to handle list connections (I haven't checked download/upload/fxp connections) over ssl with a proxy.

flash connects fine over ssl/tls with a proxy, however, when the ftp server option "Secure File Listing" is selected it does not work as it should. I believe it initiates the tlsneg() on the wrong ip, on the proxy ip instead of the ip given from the pasv command. For example (in this test I am using proxy server type 12. USER ftp-user@ftp-host:ftp-port):

PWD
257 "/" is current directory.
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (*,*,*,*,182,189)
LIST -al
Negotiating SSL/TLS session...
150 Opening ASCII mode data connection for directory listing.

At this point it is supposed to open a socket to *.*.*.* on port 46781, but it doesn't. I think it accidentally tries to open the socket on the actual proxy server on that port, instead of using the real server's ip from the pasv command. I have tested this with various ftps and executed the session manually over a socket with tcl and have come to the conclusion it is not the ftpd or proxy that doesn't support it, but that flash is simply not opening the session to the right ip. I do suspect though the same problem probably exists with download/upload transfer but I have not confirmed that.

Please advise... I have read over ftp://ftp.isi.edu/internet-drafts/dr...ftp-ssl-11.txt thoroughly and have no other explanation as to why it is not working other than flash is initiating the tls negotiation on the wrong ip address.
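
An added example, not part of the original post and not the client's own code: it parses a 227 reply into the data endpoint (182,189 gives port 46781, as in the post) and classifies an observed data-socket destination, for instance from a packet capture, against it. The function names are hypothetical and the addresses are constructed documentation-range values, since the post masks the real ones.

```python
import re
from typing import NamedTuple

class Endpoint(NamedTuple):
    host: str
    port: int

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
_TUPLE = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply: str) -> Endpoint:
    """Return the data endpoint advertised in a 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    m = _TUPLE.search(reply)
    if m is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple found")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    # Port is the last two fields read as a 16-bit big-endian value.
    return Endpoint(".".join(map(str, nums[:4])), nums[4] * 256 + nums[5])

def classify_data_connect(pasv_reply: str, control_peer: Endpoint,
                          observed: Endpoint) -> str:
    """Compare where the client opened its data socket with the PASV reply."""
    expected = parse_pasv(pasv_reply)
    if observed == expected:
        return "ok"
    if observed.port == expected.port and observed.host == control_peer.host:
        # The failure the post suspects: right port, but the proxy's address.
        return "control-peer-host"
    return "mismatch"

if __name__ == "__main__":
    # Constructed values: proxy on the control connection, server in PASV.
    proxy = Endpoint("198.51.100.5", 21)
    reply = "227 Entering Passive Mode (192,0,2,10,182,189)"
    print(parse_pasv(reply))
    print(classify_data_connect(reply, proxy, Endpoint("198.51.100.5", 46781)))
```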