Old 02-02-2007, 09:21 PM   #1
zubov
Junior Member
 
Join Date: Dec 2003
Posts: 7
Thumbs up Sscn

Two sites [L] and [R]

When FXP'ing securely using SSCN from [L] to [R], FlashFXP will, by default, set the [R] side to SSL Client Mode handshake using SSCN ON. If you then securely FXP (within the same two ftp sessions) in the opposite direction, from [R] to [L], FlashFXP will set the SSL Client mode on the [L] side. This leaves both sides in SSL Client mode and the handshake for the transfer fails.

The way I read the spec, SSCN is set for an entire session unless it is changed otherwise.

This is the best spec I can find -- http://www.raidenftpd.com/kb/kb000000037.htm

This is the current build -- 3.4 ? (I just updated to see if it was fixed)
Old 02-02-2007, 10:54 PM   #2
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
Join Date: Oct 2001
Posts: 8,012

I did some tests and as far as I can tell only one site is sent SSCN ON regardless of the fxp direction.

SSCN is only turned on if it's off and only turned on for the site issuing the PASV command.

Only one site in a site to site transfer can be the one issuing the PASV command.

If there is an issue it would be a complicated one and it would require a copy of the ftp session log showing the problem, as well as details regarding the site settings.
Old 02-06-2007, 12:53 PM   #3
zubov
Junior Member
 
Join Date: Dec 2003
Posts: 7

Okay, it's not really about the side that it sets SSCN ON, it seems to do it to the PASV side of the transfer.

I found this bug while testing a slightly new implementation of PRET on drftpd (which I develop). The PRET functionality is working perfectly on both sides.

This may also be a misunderstanding in how I understand SSCN. SSCN defines what type of SSL handshake (client or server) the ftpd should do. FTP servers default to server-side SSL handshakes for both Active and Passive transfers. When you turn SSCN ON, it tells the server to use a Client SSL handshake for both Active and Passive transfers.

Below is a log of me opening two sessions, one on the left, and one on the right. Both are to the same ftpd (in this case drftpd; it's not version 2.0.4, it's lying to you).

I then transfer a file from /sourceL to /destinationR. Flash turns on SSCN Client mode on the left side (it used Passive). It then transfers the file. No problems.

Then, during the same two sessions, I transfer a file from /sourceR to /destinationL. Flash turns on SSCN Client mode on the right side (it used Passive). It then tries to transfer the file, but the transfer fails as the two daemons cannot do an SSL handshake. They are both in client mode.

SSCN is persistent over the session and is not for just one transfer. It also applies to both Active and Passive transfers, whereas CPSV only applies to Passive transfers.

The (shortened) log of what I just typed is below... (I had to shorten it to get under 10000 chars)
Code:
Microsoft wsock32.dll, ver2.2, 32bit of Apr 22 1999, at 20:29:32. -- OpenSSL 0.9.8b 04 May 2006
[L] Connecting to drftpd -> IP=192.168.1.52 PORT=2121
[L] Connected to drftpd
[L] 220 DrFTPD 2.0rc4 - No Funny Business!
[L] AUTH TLS
[L] 234 AUTH TLS successful
[L] Connected. Negotiating TLSv1 session..
[L] TLSv1 negotiation successful...
[L] TLSv1 encrypted session using cipher EDH-RSA-DES-CBC3-SHA (168 bits)
[L] PBSZ 0
[L] 200 Command okay
[L] USER drftpd
[L] 331 Password required for drftpd.
[L] PASS (hidden)
[L] 230 drftpd logged in successfully.
[L] SYST
[L] 215 UNIX system type.
[L] FEAT
[L] 211-Extensions supported:
[L]  CLNT
[L]  NOOP
[L]  PRET
[L]  AUTH SSL
[L]  PBSZ
[L]  CPSV
[L]  SSCN
[L]  MLST type*,x.crc32*,size*,modify*,unix.owner*,unix.group*,x.slaves*,x.xfertime*
[L] 211 End
[L] CLNT FlashFXP 3.4.0.1145
[L] 200 Command okay
[L] PWD
[L] 257 "/" is current directory
[L] TYPE A
[L] 200 Command okay
[L] PROT P
[L] 200 Command okay
[L] PRET LIST
[L] 200 OK, planning to use master for upcoming LIST transfer
[L] PASV
[L] 227- Using master for upcoming transfer
[L] 227 Entering Passive Mode (192,168,1,52,99,98).
[L] Opening data connection IP: 192.168.1.52 PORT: 25442
[L] LIST -al
[L] Connected. Negotiating TLSv1 session..
[L] 150 File status okay; about to open data connection.
[L] TLSv1 negotiation successful...
[L] TLSv1 encrypted session using cipher EDH-RSA-DES-CBC3-SHA (168 bits)
[L] 226- [Ul: 516.9MB] [Dl: 215.0MB] [Average speed: 93.1KB]
[L] 226-      [Credits: 0B] [Ratio: 1:0.0]
[L] 226 Closing data connection
[R] Connecting to drftpd -> IP=192.168.1.52 PORT=2121
[R] Connected to drftpd
[R] 220 DrFTPD 2.0rc4 - No Funny Business!
[R] AUTH TLS
[R] 234 AUTH TLS successful
[R] Connected. Negotiating TLSv1 session..
[R] TLSv1 negotiation successful...
[R] TLSv1 encrypted session using cipher EDH-RSA-DES-CBC3-SHA (168 bits)
[R] PBSZ 0
[R] 200 Command okay
[R] USER drftpd
[R] 331 Password required for drftpd.
[R] PASS (hidden)
[R] 230 drftpd logged in successfully.
[R] SYST
[R] 215 UNIX system type.
[R] FEAT
[R] 211-Extensions supported:
[R]  CLNT
[R]  NOOP
[R]  PRET
[R]  AUTH SSL
[R]  PBSZ
[R]  CPSV
[R]  SSCN
[R]  MLST type*,x.crc32*,size*,modify*,unix.owner*,unix.group*,x.slaves*,x.xfertime*
[R] 211 End
[R] CLNT FlashFXP 3.4.0.1145
[R] 200 Command okay
[R] PWD
[R] 257 "/" is current directory
[R] TYPE A
[R] 200 Command okay
[R] PROT P
[R] 200 Command okay
[R] PRET LIST
[R] 200 OK, planning to use master for upcoming LIST transfer
[R] PASV
[R] 227- Using master for upcoming transfer
[R] 227 Entering Passive Mode (192,168,1,52,101,136).
[R] Opening data connection IP: 192.168.1.52 PORT: 25992
[R] LIST -al
[R] Connected. Negotiating TLSv1 session..
[R] 150 File status okay; about to open data connection.
[R] TLSv1 negotiation successful...
[R] TLSv1 encrypted session using cipher EDH-RSA-DES-CBC3-SHA (168 bits)
[R] 226- [Ul: 516.9MB] [Dl: 215.0MB] [Average speed: 93.1KB]
[R] 226-      [Credits: 0B] [Ratio: 1:0.0]
[R] 226 Closing data connection
[R] List Complete: 229 bytes in 0.38 seconds (0.6 KB/s)
[L] List Complete: 229 bytes in 2.60 seconds (0.1 KB/s)
[L] CWD sourceL
[L] 250 Directory changed to /sourceL
[L] PWD
[L] 257 "/sourceL" is current directory
[R] CWD destinationR
[R] 250 Directory changed to /destinationR
[R] PWD
[R] 257 "/destinationR" is current directory
[L] PRET RETR file.txt
[L] 200 OK, planning for upcoming download
[L] SSCN ON
[L] 220 SSCN:CLIENT METHOD
[L] PASV
[L] 227- Using drftpd for upcoming transfer
[L] 227 Entering Passive Mode (192,168,1,52,97,169).
[R] PORT 192,168,1,52,97,169
[R] 200 Command okay
[R] STOR file.txt
[R] 150 File status okay; about to open data connection to drftpd.
[L] RETR file.txt
[L] 150 File status okay; about to open data connection from drftpd.
[R] 226 Transfer complete, 4B in 0.06 seconds (66B/s)
[L] 226 Transfer complete, 4B in 0.0030 seconds (1.3KB/s)
Transferred: file.txt 4 bytes in 0.28 seconds (0.0 KB/s)
[L] CWD /destinationL
[L] 250 Directory changed to /destinationL
[L] PWD
[L] 257 "/destinationL" is current directory
[R] CWD /sourceR
[R] 250 Directory changed to /sourceR
[R] PWD
[R] 257 "/sourceR" is current directory
[R] PRET RETR file.txt
[R] 200 OK, planning for upcoming download
[R] SSCN ON
[R] 220 SSCN:CLIENT METHOD
[R] PASV
[R] 227- Using drftpd for upcoming transfer
[R] 227 Entering Passive Mode (192,168,1,52,97,171).
[L] PORT 192,168,1,52,97,171
[L] 200 Command okay
[L] STOR file.txt
[L] 150 File status okay; about to open data connection to drftpd.
[R] RETR file.txt
[R] 150 File status okay; about to open data connection from drftpd.
[R] 426- Illegal client handshake msg, 1
[R] 426 Illegal client handshake msg, 1
[R] ABOR
[R] 226 Closing data connection
[L] ABOR
[L] 426- Illegal client handshake msg, 1
[L] 426 Transfer failed, deleting file
[L] 226 Closing data connection
[L] Transfer Failed!
Transfer queue completed
1 File failed to transfer
[L] QUIT
[L] 221 Goodbye!
[L] Logged off: drftpd
[R] QUIT
[R] 221 Goodbye!
[R] Logged off: drftpd

Last edited by zubov; 02-06-2007 at 03:52 PM.
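
Added example (not part of the original posts, and not FlashFXP or drftpd code): a small Python checker that replays a FlashFXP-style session log under the reading of SSCN given in post #3 (the setting persists for the session, and a server without SSCN ON does the server-side handshake) and flags any transfer where both sides would take the same handshake role. The name audit_fxp and the trimmed SAMPLE_LOG are constructed for illustration, and the checker assumes the log contains only site-to-site transfers.

```python
import re

# Constructed excerpt: client commands only, trimmed from the log in post #3.
SAMPLE_LOG = """\
[L] PROT P
[R] PROT P
[L] SSCN ON
[L] PASV
[R] PORT 192,168,1,52,97,169
[R] STOR file.txt
[L] RETR file.txt
[R] SSCN ON
[R] PASV
[L] PORT 192,168,1,52,97,171
[L] STOR file.txt
[R] RETR file.txt
"""

# Matches "[L] CMD args"; numeric replies and client status lines do not match.
LINE = re.compile(r"^\[(L|R)\] ([A-Z]{3,4})(?: (.*))?$")

def audit_fxp(log):
    """Return one (source, dest, roles, ok) tuple per site-to-site transfer."""
    sscn = {"L": False, "R": False}  # assumed model: SSCN persists per session
    pending = {}                     # session -> RETR/STOR waiting for its peer
    results = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, cmd, arg = m.groups()
        if cmd == "SSCN" and arg:
            sscn[side] = arg.strip().upper() == "ON"
        elif cmd in ("RETR", "STOR"):
            pending[side] = cmd
            if sorted(pending.values()) == ["RETR", "STOR"]:
                src = "L" if pending["L"] == "RETR" else "R"
                dst = "R" if src == "L" else "L"
                roles = {s: "client" if sscn[s] else "server" for s in "LR"}
                # The data-channel handshake needs one client and one server.
                results.append((src, dst, roles, sscn["L"] != sscn["R"]))
                pending.clear()
    return results

if __name__ == "__main__":
    for src, dst, roles, ok in audit_fxp(SAMPLE_LOG):
        print(f"{src}->{dst} roles={roles} {'ok' if ok else 'ROLE CONFLICT'}")
```

On the sample, the first transfer pairs a client with a server, and the second is flagged because [L] still carries SSCN ON from the first transfer when [R] is also switched to client mode.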
Old 02-09-2007, 11:29 AM   #4
zubov
Junior Member
 
Join Date: Dec 2003
Posts: 7

Any response? I'm curious as I just want to make sure I've implemented SSCN handling properly and there's not something I'm missing.