View Full Version : SSL key problems


wooolF[RM]
11-06-2003, 12:32 PM
used package from http://www.ioftpd.com/board/showthread.php?s=&threadid=836&highlight=generating to generate a key

key generated successfully, imported successfully, all settings are checked (server auth etc) successfully.

ioftpd.ini: (tried 1st time)

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = TLS/SSL3/SSL2/SSL1/SSL
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384


ioftpd.ini: (tried 2nd time)

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = TLS
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384


blabla.mine.nu is edited and yes, it's the right dns of the server and yes, it's the same as the name of the certificate.

both dlls are installed in ffxp, ffxp is the newest one...


[18:18:46] Negotiating SSL/TLS session...
[18:18:46] Ident Request: xxx.xxx.xxx.xxx
[18:19:02] Connection failed (Connection lost)


[18:19:53] Negotiating SSL/TLS session...
[18:20:09] Connection failed (Connection lost)


[18:20:16] 220 :: xxx ready to serve ::
[18:20:16] AUTH SSL
[18:20:16] 504 AUTH SSL unsupported.
[18:20:16] Failed SSL/TLS negotiation, disconnected
[18:20:16] Connection failed (Connection lost)


[18:20:28] 220 :: xxx ready to serve ::
[18:20:28] AUTH TLS
[18:20:28] 504 AUTH TLS unsupported.
[18:20:28] Failed SSL/TLS negotiation, disconnected
[18:20:28] Connection failed (Connection lost)


config is rehashed, server restarted... still same crap :o
no problems with connecting w/o SSL

Please show me the right path :p :confused:

My mission : connect to ftp through TCL at at least 128b. ( not for transferring files)

Harm
11-06-2003, 12:34 PM
Try with only 'one' encryption protocol.


Encryption_Protocol = SSL3

wooolF[RM]
11-06-2003, 12:45 PM
when using :

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384

(cfg rehashed, server restarted)


Implicit :
[18:41:04] Negotiating SSL/TLS session...
[18:41:20] Connection failed (Connection lost)


Auth SSL:
[18:41:34] 220 :: xxx ready to serve ::
[18:41:34] AUTH SSL
[18:41:34] 504 AUTH SSL unsupported.
[18:41:34] Failed SSL/TLS negotiation, disconnected
[18:41:34] Connection failed (Connection lost)


Auth TLS:
[18:42:12] Ident Request: xxx.xxx.xxx.xxx
[18:42:12] 220 :: xxx ready to serve ::
[18:42:12] AUTH TLS
[18:42:12] 504 AUTH TLS unsupported.
[18:42:12] Failed SSL/TLS negotiation, disconnected
[18:42:12] Connection failed (Connection lost)

:(

Harm
11-06-2003, 12:51 PM
You might also want to remove '[*registered version*]' from your Certificate_Name line.

wooolF[RM]
11-06-2003, 12:54 PM
btw the bat I've used to create my certificate is:

@echo off
echo This batch will generate an SChannel compatible RSA 1024bits key for your ioFTPD
echo -----
set temphost=
set /P temphost=Please enter your server's hostname (example: xxx.dyndns.org):
echo Please Wait ... generating new certificate
echo -----
makecert.exe -r -n CN=%temphost% -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -a sha1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ioftpd.cer
echo -----

pause


now what I think of is... shouldn't I change that sha1 to tls/md5/ssl3? Original help file from ioFTPD uses md5 as I see...

Harm
11-06-2003, 12:59 PM
Try this nice certificate generator created by StarDog:
http://www.ioftpd.com/board/showthread.php?s=&postid=7981#post7981

wooolF[RM]
11-06-2003, 01:00 PM
Auth SSL:

[18:56:35] 220 :: xxx ready to serve ::
[18:56:35] AUTH SSL
[18:56:35] 234 AUTH SSL successful.
[18:56:35] Negotiating SSL/TLS session...
[18:56:35] SSL/TLS negotiation successful...
[18:56:35] SSL/TLS connection using cipher RC4-MD5 (128 bits)
[18:56:38] PBSZ 0
[18:56:38] 200 PBSZ 0 successful.


worked after I removed that [reg version]
THNX for the tip Harm :) and prolly a good idea to add this to the documentation ;)

wooolF[RM]
11-06-2003, 01:01 PM
Originally posted by Harm
Try this nice certificate generator created by StarDog:
http://www.ioftpd.com/board/showthread.php?s=&postid=7981#post7981

it's same package that I used (linked to it in 1st post)

Pretone
11-01-2004, 12:30 PM
Where must I put the .cer file?

mr_F_2
11-01-2004, 12:41 PM
Originally posted by Pretone
Where must I put the .cer file?

you must install the certs to your certificate store (doubleclick and click next a bunch of times) .. but you also need the registered version

Hor0
11-03-2004, 10:17 AM
Don't forget that to use SSL you must run ioftpd under the same account that registered the certificate.
And for your SSL problem, try with your computername.


makecert.exe -r -n "CN=%computername%" -b 01/01/2004 -e 01/01/2010 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sk %computername% -a md5 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ioftpd.cer


For example.
And put your "%computername%" in your ioftpd.ini
(%computername% is a windows variable)


Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = your_computer_name
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 256


And run the ioftpd.exe with the same account that created and imported the certificate.
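
The replies above come down to three conditions: Certificate_Name must equal the certificate's name with nothing appended, the certificate must sit in the CurrentUser "my" store that makecert wrote to, and ioFTPD must run as that same user. The PowerShell below is an added example, not part of any post and not ioFTPD code; the default ini path and the assumption that ioFTPD matches Certificate_Name against the certificate's CN are inferred from the thread. Run it under the account that starts ioftpd.exe.

```powershell
# Added example, not from the thread. $IniPath default is an assumed location.
param([string]$IniPath = '.\ioftpd.ini')

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # the -eku value passed to makecert in the thread
$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Read Certificate_Name exactly as written, so stray trailing text is visible.
$hit = Select-String -Path $IniPath -Pattern '^\s*Certificate_Name\s*=\s*(.*?)\s*$' |
       Select-Object -First 1
if (-not $hit) { throw "No Certificate_Name line found in $IniPath" }
$name = $hit.Matches[0].Groups[1].Value
Write-Host "Certificate_Name = '$name' (store checked as user $env:USERNAME)"

# makecert -ss my -sr CurrentUser places the certificate in this store.
$store = Get-ChildItem Cert:\CurrentUser\My
$found = $store | Where-Object { $_.GetNameInfo($nameType, $false) -eq $name }

if (-not $found) {
    # Show what is actually present so a mismatch can be compared by eye.
    Write-Warning "No certificate with CN '$name' in Cert:\CurrentUser\My. Subjects present:"
    $store | ForEach-Object { '  ' + $_.Subject }
    return
}

foreach ($cert in $found) {
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $hasServerAuth = [bool]($eku.EnhancedKeyUsages |
                            Where-Object { $_.Value -eq $serverAuthOid })
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey      # must be True for a server certificate
        ServerAuthEku = $hasServerAuth           # matches makecert -eku above
        Expired       = $cert.NotAfter -lt (Get-Date)
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
    }
}
```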

Grendel
11-03-2004, 01:11 PM
in some cases it won't work with your hostname as certificate-name...

try this:

Certificate_Name = localhost

scull
11-04-2004, 03:45 AM
Hi ..

I got problems with XP SP2 and generating key with StarDog's .bat file .. At my XP SP1 there is no problem .. Any ideas ?

// Scull