
ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Old 12-29-2018, 04:04 AM   #1
Prodigy
Member
FlashFXP Registered User
 
Join Date: Jul 2009
Posts: 53
ioFTPD v7.7.7 : First in the world ftp server with TLS 1.3 support

I am proud to announce possibly the first ever FTPD/FTP server in the world with TLS 1.3 support.

Currently the only usable FTP client that supports TLS 1.3 is good old curl!

7.7.7.9999 Changelog :
  • Upgraded to Tcl 8.5.19
  • Upgraded to OpenSSL 1.1.1a for TLS 1.3 support
  • Upgraded compiler to VS 2013 for possible fixes and enhancements
  • Disabled SSLv2

7.7.7.10000 Changelog :
  • Fixed Encryption_Protocol implementation

7.7.7.10001 Changelog :
  • Further fixed the Encryption_Protocol implementation, where enabling SSL3 left no workable TLS auth

7.7.7.10002 Changelog :
  • Stricter Encryption_Protocol, allowing only the "SSL3, TLS1.0, TLS1.1, TLS1.2, TLS1.3" options

7.7.7.10003 Changelog :
  • SSLv3 has already been deprecated in OpenSSL 1.1.1; any AUTH SSL attempt will automatically be redirected to TLS 1.2

7.7.7.10004 Changelog :
  • Fixed TLS 1.3, which did not work from the beginning; now tested. Certificate file generation now runs until the Debug.log file reaches around 950 KB
  • If you change the "OpenSSL_Ciphers" variable, you need to regenerate the certificate files: stop ioFTPD, delete ioFTPD.dhp, ioFTPD.key and ioFTPD.pem from the system folder, re-run ioFTPD, and watch the system\debug.log file until it stops increasing in size
  • The longer the "OpenSSL_Ciphers" variable, the longer the automatic certificate file generation will take.
  • 7.7.7.10004-1 = Fine Tuned ioFTPD.ini for TLS 1.3

7.7.7.10005 Changelog :
  • Added more logic checks for the "Encryption_Protocol" option.
  • Prevent crashes when an unknown "Encryption_Protocol" option is set.
  • Made TLS 1.2 the default protocol to avoid confusion

7.7.7.10006 Changelog :
  • Added all of the OpenSSL 1.1.1a OpenSSL_Options variables
  • NO_SSLv2 and other OpenSSL_Options variables are deprecated in OpenSSL 1.1.1a, so I have removed them.
  • 7.7.7.10006-1 Added a more proper OpenSSL_Ciphers variable for TLS 1.3-only connections.
  • 7.7.7.10006-1 Redirected some log messages to Debug.log instead of Error.log


To test TLS 1.3 server functionality, download the latest curl from here.
Enable TLS 1.3 in the ioFTPD.ini:
Code:
Encryption_Protocol     = TLS1.3
OpenSSL_Ciphers = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

The above options explicitly allow only TLS 1.3.

In the curl bin directory (or anywhere, if you have added the curl bin directory to the Windows env path), type the following:
Code:
curl -v --ciphers TLS_CHACHA20_POLY1305_SHA256 ftp://127.0.0.1:5420/test.log -k --user ioFTPD:ioFTPD --ssl-reqd

The "--user ioFTPD:ioFTPD" part is the default ioFTPD username:password; change it if you have a custom setup.
To upload a file into the ioFTPD root folder:
Code:
curl -v --ciphers TLS_CHACHA20_POLY1305_SHA256 ftp://127.0.0.1:5420/ -k --user ioFTPD:ioFTPD --ssl-reqd -T X:\Folder\filename.extension

The ioFTPD dubbed version 7.7.7.10006-1 with TLS 1.3 support! And don't forget, thanks to UltraFine for testing my build countless times, great job bro!
Code:
https://mega.nz/#!AJknjSwR!Id4TO4Xi5kqqCZvaIX0fyF3d-lFUrJRwRrbPZho6apo

Now who will be the first FTP client to support it? Let's hope my implementation is the correct one!

Note :
We need new certificate files for this one, so please delete your ioFTPD.dhp, ioFTPD.key and ioFTPD.pem from your system folder! After that, when you launch ioFTPD, monitor "C:\ioFTPD\logs\Debug.log" and wait until it reaches around 950 KB or stops increasing in size; then you can start using a client to connect to the ioFTPD server.

About the usage of "Encryption_Protocol": the value you set in this option is the minimum supported protocol, so setting "SSL3" means it will support SSLv3 at minimum, up to TLS 1.3.
TLS 1.3 is the most secure protocol currently supported.


Possible OpenSSL_Options variables:
Code:
NO_ANTI_REPLAY
ENABLE_MIDDLEBOX_COMPAT
PRIORITIZE_CHACHA
ALLOW_NO_DHE_KEX
NO_RENEGOTIATION
NO_ENCRYPT_THEN_MAC
SAFARI_ECDHE_ECDSA_BUG
TLSEXT_PADDING
LEGACY_SERVER_CONNECT
DONT_INSERT_EMPTY_FRAGMENTS
ALL
NO_QUERY_MTU
COOKIE_EXCHANGE
NO_TICKET
CISCO_ANYCONNECT
NO_SESSION_RESUMPTION_ON_RENEGOTIATION
NO_COMPRESSION
ALLOW_UNSAFE_LEGACY_RENEGOTIATION
CIPHER_SERVER_PREFERENCE
TLS_ROLLBACK_BUG
NO_SSLv3
NO_TLSv1
NO_TLSv1_1
NO_TLSv1_2
NO_TLSv1_3
CRYPTOPRO_TLSEXT_BUG

More info:
Code:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html

Please set "OpenSSL_Options" without any spaces between the variables, for example:
Code:
OpenSSL_Options = PRIORITIZE_CHACHA|NO_SSLv3

Last edited by Prodigy; 01-04-2019 at 01:51 PM.
Old 12-29-2018, 05:41 AM   #2
UltraFine
Junior Member
 
Join Date: Nov 2018
Posts: 26

Oh great. An FTP server with TLS1.3 support. Nice. I will try it. But I did not understand why I must wait till the Debug.log grows to 363KB. What is this about?
Old 12-29-2018, 05:44 AM   #3
Prodigy

@UltraFine
It's only for the automatic certificate generation. It only happens when ioFTPD detects that there are no certificate files, so only the first time.

Last edited by Prodigy; 12-29-2018 at 05:52 AM.
Old 12-29-2018, 02:42 PM   #4
Prodigy

Added new hotfix 7.7.7.10000
Old 12-29-2018, 06:00 PM   #5
Prodigy

Added new hotfix 7.7.7.10001
Old 12-31-2018, 02:08 AM   #6
Prodigy

Added new hotfix 7.7.7.10002
Old 12-31-2018, 06:08 AM   #7
Prodigy

Added new hotfix 7.7.7.10003
Old 12-31-2018, 04:18 PM   #8
Prodigy

Added new hotfix 7.7.7.10004
Old 01-03-2019, 04:05 AM   #9
UltraFine
ioFTPD-v7.7.7.10004-1 .rar crashes

Hey Prodigy,

I tested ioFTPD-v7.7.7.10004-1 .rar on my Win10 machine.

I kept my old ioftpd.ini though, with the following setting. All other files I overwrote with new ones from the RAR file. I deleted the PEM, KEY and DHP files before starting it, because I wanted io to generate new keys. IO starts but crashes immediately after. My guess is that it has a problem with the "NO_SSLv2" setting. In general I think, even if the setting is wrongly set, ioftpd should quit with a proper message in the log, but not crash.


CRASH-Log.txt

Code:
ID: 6300  [01d80000-01d7e0b0]
  # 1: 77BCB78C -> [ntdll + 6A78C] ? NtGetContextThread() + 0xC
Wed Jan 02 23:40:10 2019 - ioFTPD v7.7.7
Unhandled exception: Access Violation (0xC0000005)
Address: 0x57E6E321 [attempting to read data from 0x00000061]
PID=3976, PATH=C:\ioFTPD\system\ioFTPD.exe
Thread ID: 15664

ioftpd.ini
Code:
;Certificate_Name        = ioFTPD
Create_Certificate = True
Explicit_Encryption     = True
Encryption_Protocol     = NO_SSLv2 | NO_SSLv3 | TLS1.2
OpenSSL_Options = ALL
OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT
Min_Cipher_Strength     = 128
Max_Cipher_Strength     = 256
Get_External_Ident      = True

error.log
Code:
01-02-2019 23:39:07 tszEncryptionProtocol : 'NO_SSLv2 | NO_SSLv3 | TLS1.2'.

One more thing: in the ioFTPD-v7.7.7.10004-1 .rar, the setting in the ioftpd.ini file is set to
Code:
Encryption_Protocol     = TLS1.3

This means the MINIMUM requirement for connecting to io is TLS1.3. I think this will create a lot of confusion for people trying to set up ioftpd for the first time, because there is basically no ftp client (besides curl) at the moment that can handle TLS1.2. In my opinion the default setting for now has to be:
Code:
Encryption_Protocol     = TLS1.2

UltraFine

Last edited by UltraFine; 01-03-2019 at 04:13 AM.
Old 01-03-2019, 06:08 AM   #10
Prodigy

@UltraFine
I think there is confusion about NO_SSLv2 and the other settings, which should belong in "OpenSSL_Options".

From the ioFTPD.ini
Quote:
If you do modify this you should also consider passing the
# appropriate NO_SSLv2, NO_SSLv3, and/or NO_TLSv1 options to the library
# via the OpenSSL_Options feature below.

Added some logic checks to accommodate an unknown "Encryption_Protocol": instead of crashing, ioFTPD just writes an error log entry mentioning "Unknown Encryption_Protocol Option" and runs without any TLS or SSL until ioFTPD's "Encryption_Protocol" is fixed and ioFTPD is restarted.
Old 01-03-2019, 07:09 AM   #11
UltraFine

Quote:
Originally Posted by Prodigy View Post
@UltraFine
I think there is confusion about NO_SSLv2 and the other settings, which should belong in "OpenSSL_Options".

From the ioFTPD.ini


Added some logic checks to accommodate an unknown "Encryption_Protocol": instead of crashing, ioFTPD just writes an error log entry mentioning "Unknown Encryption_Protocol Option" and runs without any TLS or SSL until ioFTPD's "Encryption_Protocol" is fixed and ioFTPD is restarted.

Yes. 7.7.7.40005 works with this configuration. It generates a new certificate. The Debug file gets around 90kb in size:

ioftpd.ini
Code:
;Certificate_Name        = ioFTPD
Create_Certificate = True
Explicit_Encryption     = True
Encryption_Protocol     = TLS1.2
OpenSSL_Options = NO_SSLv2 | NO_SSLv3
OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT
Min_Cipher_Strength     = 128
Max_Cipher_Strength     = 256

Error.log

Code:
01-03-2019 12:55:38 tszEncryptionProtocol : 'TLS1.2'.
01-03-2019 12:55:38 Method : TLSv1_2_server_method()
01-03-2019 12:55:38 tszEncryptionProtocol : 'TLS1.2'.
01-03-2019 12:55:38 Method : TLSv1_2_server_method()
01-03-2019 12:56:43 tszEncryptionProtocol : 'TLS1.2'.
01-03-2019 12:56:43 Method : TLSv1_2_server_method()
01-03-2019 12:56:43 Unknown option (NO_SSLv2 ) in OpenSSL_Options for service 'FTP_Service'.
01-03-2019 12:56:43 Unknown option ( NO_SSLv3) in OpenSSL_Options for service 'FTP_Service'.

I have two questions:

1) What are the valid options for "OpenSSL_Options" besides "ALL"?
2) Why does it write "tszEncryptionProtocol : 'TLS1.2'." and "Method : TLSv1_2_server_method()" into the log? Is it an error? Because a write into the error.log indicates an "Error" to me. So if it is not an error, why does this show up in the error.log?
UltraFine is offline   Reply With Quote
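
A small linter for the rules stated in this thread (the accepted Encryption_Protocol values from the 7.7.7.10002 changelog, and the OpenSSL_Options list and no-spaces format from post #1), run against the settings from posts #9 and #11. This is an added example, not ioFTPD code and not part of any post; the function and constant names are hypothetical, and flagging a minimum below TLS1.2 is an added policy assumption.

```python
# Added example (not ioFTPD code): lint the TLS keys of an ioFTPD.ini fragment.
# Rules come from this thread; function and constant names are hypothetical.
PROTOCOLS = ["SSL3", "TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]  # weakest first
KNOWN_OPTIONS = set("""
NO_ANTI_REPLAY ENABLE_MIDDLEBOX_COMPAT PRIORITIZE_CHACHA ALLOW_NO_DHE_KEX
NO_RENEGOTIATION NO_ENCRYPT_THEN_MAC SAFARI_ECDHE_ECDSA_BUG TLSEXT_PADDING
LEGACY_SERVER_CONNECT DONT_INSERT_EMPTY_FRAGMENTS ALL NO_QUERY_MTU
COOKIE_EXCHANGE NO_TICKET CISCO_ANYCONNECT NO_SESSION_RESUMPTION_ON_RENEGOTIATION
NO_COMPRESSION ALLOW_UNSAFE_LEGACY_RENEGOTIATION CIPHER_SERVER_PREFERENCE
TLS_ROLLBACK_BUG NO_SSLv3 NO_TLSv1 NO_TLSv1_1 NO_TLSv1_2 NO_TLSv1_3
CRYPTOPRO_TLSEXT_BUG
""".split())  # the option list posted for 7.7.7.10006 (NO_SSLv2 was removed)

def parse_settings(ini_text):
    """Return {key: value} for 'key = value' lines, skipping ; and # comments."""
    settings = {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line and line[0] not in ";#[" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def lint_tls_settings(ini_text):
    """Return a list of findings; an empty list means the keys look valid."""
    s, findings = parse_settings(ini_text), []
    proto = s.get("Encryption_Protocol")
    if proto not in PROTOCOLS:
        findings.append(f"Encryption_Protocol {proto!r}: expected one of {PROTOCOLS}")
    elif PROTOCOLS.index(proto) < PROTOCOLS.index("TLS1.2"):
        findings.append(f"Encryption_Protocol {proto}: minimum allows pre-TLS 1.2")
    # Tokens keep their inner spaces, as in the "Unknown option (NO_SSLv2 )" log.
    for token in filter(None, s.get("OpenSSL_Options", "").split("|")):
        name = token.strip()
        if token != name:
            findings.append(f"OpenSSL_Options: spaces around {name!r}")
        if name not in KNOWN_OPTIONS:
            findings.append(f"OpenSSL_Options: unknown option {name!r}")
    return findings

# Settings taken from posts #9 and #11, plus the format shown in post #1.
POST_9 = "Encryption_Protocol     = NO_SSLv2 | NO_SSLv3 | TLS1.2\nOpenSSL_Options = ALL"
POST_11 = "Encryption_Protocol     = TLS1.2\nOpenSSL_Options = NO_SSLv2 | NO_SSLv3"
POST_1 = "Encryption_Protocol     = TLS1.3\nOpenSSL_Options = PRIORITIZE_CHACHA|NO_SSLv3"

if __name__ == "__main__":
    for label, text in [("post 9", POST_9), ("post 11", POST_11), ("post 1", POST_1)]:
        print(label, lint_tls_settings(text) or "ok")
```
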
Old 01-03-2019, 08:43 AM   #12
Prodigy

@Ultrafine

Added 7.7.7.10006, have fun.

About the "tszEncryptionProtocol" logs appearing in the Error.log: just a lazy attempt from me, hehe; I will soon put them in the right log file.
Old 01-03-2019, 12:58 PM   #13
UltraFine

Quote:
Originally Posted by Prodigy View Post
@Ultrafine

Added 7.7.7.10006, have fun.

About the "tszEncryptionProtocol" logs appearing in the Error.log: just a lazy attempt from me, hehe; I will soon put them in the right log file.

Very nice. I like very much what you added now. The list of options should go into ioftpd.ini so new people know about it.
Old 01-03-2019, 02:19 PM   #14
Prodigy

Thank you, will do later on; a few extra kilobytes in the ioFTPD.ini surely won't hurt much, as storage is getting cheaper every day.
Old 01-15-2019, 04:26 PM   #15
larazaa
Junior Member
 
Join Date: Nov 2012
Location: G3RM4NY
Posts: 8

nice, thx.
Tags
curl, download, ftp, tls, upload
