Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 04-21-2014, 05:47 PM   #16
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Here's what I'd do. With the server offline make a backup of the ioFTPD dir into a zip/rar just in case you edit/delete the wrong file. Then rename the ioFTPD dir to ioFTPD-old. Then extract just the ioFTPD.ini file from the original zip file you downloaded for your 7.0.3 release and stick into into ioFTPD-old/system/ioFTPD.orig or something like that. Grab a free file differencing tool like WinMerge and compare ioFTPD.ini to ioFTPD.orig. This will show you any modifications you made to your current server from the default configuration which you now easily review.

Now extract the new ioFTPD release and edit the ioFTPD.ini as you want. Do go through it since there are tons of new features. By using WinMerge or just looking at the old ioFTPD.ini file you can see what you chose previously and copy things like Sections, VFS, etc over where it makes sense.

Trying to use WinMerge on the new ioFTPD.ini to your old will probably generate too many differences so that's why I suggested comparing against the old unmodified one.

Now that you have a new ioFTPD.ini file, just copy the /etc, /users, /groups, and /scripts dirs from ioFTPD-old. If you use nxTools you might need nxHelper, etc from the /lib dir as well. And double check what the old ioNiNJA required (like twapi maybe?), but I'd suggest upgrading ioNiNJA to the latest so you can just follow it's install requirements... Enable helpfile support for them in the .ini file as well

If you use merged directories in the .vfs file you may need to re-order them as I think we use the first dir listed instead of the last now but not many people use that feature.
Yil is offline   Reply With Quote
Old 11-24-2014, 01:25 PM   #17
Dahlia
Member
 
Join Date: Sep 2008
Posts: 33
Default

Back to the topic. So is there any way how to upgrade current ioFTPD Encryption algorithm from "TLSv1 ECDHE-RSA-AES256-SHA-256" to "TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384-256"? I started having troubles with some sites when i try fxp. I get this error:

:ftprush:
[glftpd] 426 Connection closed
Transfer Failed: 50MB
[ioftpd] 435 Failed TLS negotiation on data channel (SSL_connect(): (1) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol), disconnected



Thx for any response.
Dahlia is offline   Reply With Quote
Old 11-25-2014, 08:59 AM   #18
Hans_
Junior Member
 
Join Date: Feb 2012
Posts: 28
Default

Hi Dahlia,

replace the following 2 dll files in ioFTPD/system directory with the newly released ones:

libeay32.dll and ssleay32.dll

voila..5 Euros wired to my account please

Last edited by Hans_; 11-25-2014 at 09:10 AM.
Hans_ is offline   Reply With Quote
Old 11-27-2014, 06:07 PM   #19
TeRRaNoVA
Junior Member
 
Join Date: Apr 2014
Posts: 26
Default iO fix for TLSv1.2

Quote:
Originally Posted by Duppie View Post
Not work, if it was that simple, ioftpd have no TLSv1.2 support or am i mistaken. Cannot connect to ioftpd TLS1.2 and fxp to/from TLS1.2 glftpd site not work. Is there a solution coming please ?
First step:

Install OpenSSL 1.0.1j for windows on your machine.

Second step:

Copy the following files from C:\OpenSSL-Win32

libeay32.dll
libssl32.dll
ssleay32.dll

to ioFTPD\system and replace them!

Last stap:

Restart you iOFTPD



Greatz

/TeRRaNoVA
TeRRaNoVA is offline   Reply With Quote
Old 12-01-2014, 06:52 PM   #20
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

It appears that the glftpd v2.05 Changelog includes this change "Change: disabled SSLv3 support (SSLv2 was already disabled)". That means that glftpd won't accept a SSL v2 or v3 hello message and thus won't connect using either of those methods, but it should have tried TLS as well since the default is to try all 3. However it also includes line "New: added new config options ALLOWED_PROTOCOLS that allow you to decide which TLS protocols are allowed by the sever. You can specify one or more out of : TLSv1, TLSv1.1, TLSv1.2 (Default is to allow only TLSv1.2)"

The older SSL libs don't support TLS 1.2 so you'll have to upgrade them. See posts above for people who have already done this.

If that doesn't work try making this change in the ini file. Under [FTP_Service] change Encryption_Protocol to TLS. This affects all connections which means that users using SSL2/3 won't be able to login to your FTP until they change to TLS encryption in their site settings. However it may solve the glftpd compatibility problem you are seeing. You may need to restart ioFTPD after making this change as I don't remember if changing this settings triggers the service connection (from which data connections are spawned) to be recomputed.

If you're friendly with a glftpd admin for testing you can see what happens if they change that ALLOWED_PROTOCOLS settings to allow TLS v1 and/or v1.1 just to see if that change alone would fix things.
Yil is offline   Reply With Quote
Old 12-03-2014, 02:58 PM   #21
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Track down some 0-byte files in the xferlog, see who the uploader was and/or track the source IP address by relaxing the hide-ip settings to show part of the ip address instead of hiding the whole thing (if you have that enabled) . You can then see if there is a pattern such that all the 0-byte files come from one sender or one site and then see if you can figure out what makes it special...

I seem to remember way way back the number one reason for some 0-byte files was the sender didn't have enough credits LOL.
Yil is offline   Reply With Quote
Old 03-07-2016, 08:51 AM   #22
Hans_
Junior Member
 
Join Date: Feb 2012
Posts: 28
Question

small question:

does any1 have a problem with the newest SSL Update (1.0.2g and 1.0.1s) in combination with ioftpd?

when starting ioftpd following message is presented:

"The ordinal 114could not be located in the dynamic link library SSLEAY32.dll"

Last edited by Hans_; 03-11-2016 at 07:08 AM. Reason: can confirm same behaviour for 1.0.1s
Hans_ is offline   Reply With Quote
Old 03-15-2016, 05:54 PM   #23
Sepp
Junior Member
 
Join Date: Mar 2016
Posts: 1
Default

ioFTPD is referencing ordinal 114 in ssleay32.dll which is ssl2 method function which was dropped in 1.01s libs for security reasons.
just use cff explorer or a hexeditor to change it to 117 (75h).
RaidenFTPD has got the same problem.
Sepp is offline   Reply With Quote
Old 03-17-2016, 09:09 PM   #24
mr-b
Junior Member
 
Join Date: Mar 2004
Posts: 20
Default

Here you go:

ioFTPD ssl tempfix

Quick temp fix for OpenSSL 1.0.2g+ where SSLv2 has been removed.

I changed the following lines in ioFTPD/src/services.c:

if (! _tcsicmp(tszEncryptionProtocol, _TEXT("SSL2")) ||
! _tcsicmp(tszEncryptionProtocol, _TEXT("SSL")))
{
//Method = SSLv2_method();
//lpService->bTlsSupported = FALSE;
Putlog(LOG_ERROR, _T("ERROR SSLv2 NOT SUPPORTED"));
return;
}
mr-b is offline   Reply With Quote
Old 05-21-2016, 09:11 AM   #25
MaistroX
Senior Member
FlashFXP Registered User
ioFTPD Registered User
 
Join Date: Jul 2002
Posts: 221
Default

Any working solution towards OpenSSL 1.0+ for 7.7.3 release of ioFTPD yet?

None of the above worked over here! :/


Regards
MaistroX is offline   Reply With Quote
Old 05-28-2016, 04:28 PM   #26
Prodigy
Member
FlashFXP Registered User
 
Join Date: Jul 2009
Posts: 53
Default

@MaistroX
What's the openssl things that didn't worked out for you?, compilation steps/process?

Worked fine over here with openssl 1.0.2h
Prodigy is offline   Reply With Quote
Old 08-19-2016, 02:50 PM   #27
MaistroX
Senior Member
FlashFXP Registered User
ioFTPD Registered User
 
Join Date: Jul 2002
Posts: 221
Default

Got it to work now with the OpenSSL-Win32 files, failed with the OpenSSL-Win64!
MaistroX is offline   Reply With Quote
Old 09-05-2016, 04:06 AM   #28
Hans_
Junior Member
 
Join Date: Feb 2012
Posts: 28
Default

hi every1,

did some1 test the latest release of openssl(v.1.1.0) with ioftpd?

im just wondering if some1 did and if its working right - otherwise there will be a problem if you upgrade to OpenSSL v.1.1.0..

just saw in the documentation:

"As of OpenSSL 1.1.0, these options are deprecated, use SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version instead."

so as i understand the situation, config entry in ioftpd.ini, will not work anymore:

OpenSSL_Options = NO_SSLv2|NO_SSLv3|NO_TLSv1

will not work anymore with OpenSSL v.1.1.0 due to change mentioned above...

any thoughts on this?
Hans_ is offline   Reply With Quote
Old 10-17-2016, 12:40 PM   #29
spudgun
Junior Member
FlashFXP Beta Tester
 
Join Date: Jun 2007
Posts: 27
Default

This is going to be a problem for me from today as Flashfxp has updated

FlashFXP 5.4.0 Build 3947
⦁ OpenSSL 1.1.0b for Windows XP SP3 and up. Older versions of Windows OS that are not compatible with the new OpenSSL library will use OpenSSL 1.0.2j.

I now can't connect to my IOFTPD FTP in ssl3 mode as it fails the negotiation. I've tried copying across the newest ssl .lib files, but it still won't connect.

Has anyone been able to find out a way to get this to work?
spudgun is offline   Reply With Quote
Reply

Tags
1.0+, install, ioftpd, openssl, upgrading

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 11:22 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)