Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 10-13-2011, 04:18 AM   #1
Sc0tTy
Member
FlashFXP Registered User
 
Join Date: Oct 2007
Posts: 30
Default SSL troubles

I've been using AUTH TLS for a while now but i get random SSL errors during transfers.
[10:21:11] [L] 426 Connection closed: SSL library failure (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac).
[10:21:11] [L] 226 ABOR command successful.
[10:21:11] [L] Transfer Failed!

When using AUTH SSL i get the following error during connect:
[11:12:30] [R] 150 Opening ASCII mode data connection for directory listing using SSL/TLS.
[11:12:30] [R] error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
[11:12:30] [R] Failed SSL negotiation, disconnected
[11:12:30] [R] 426 Connection closed: SSL failure.
[11:12:30] [R] List Error

I've been googling for a while now, installed the latest OpenSSL-64 libs but nothing seems to work.. So i'm thinking theres something wrong with ioFTPD
This is my SSL config:



Explicit_Encryption = True

;Encryption_Protocol = SSL3

OpenSSL_Options = ALL

OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT
Sc0tTy is offline   Reply With Quote
Old 10-13-2011, 09:13 PM   #2
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I've seen the first error myself and I'm pretty sure it was an interrupted transfer. I was downloading with flash and it just restarted and all was good.

The 2nd during the handshake could be any number of things.

ioFTPD just passes along the error from the OpenSSL lib so you can see what the problem is. See if you notice a pattern. It's possible there's a bug somewhere in ioFTPD, but it's got to be pretty rare. The only reason you're probably noticing this is because it reports something interesting instead of just a failed transfer like in the old days.
Yil is offline   Reply With Quote
Old 10-18-2011, 08:41 PM   #3
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I just ran into a server that seemed to reject upload after upload with the SSL3_GET_RECORD:decryption failed or bad record mac) error. A little googling showed this to be an OpenSSL to OpenSSL issue a number of years ago with it popping up from time to time. I'm not sure what's going on, but this might be a more likely / serious problem than I thought. My guess is it's a real bug but not an ioFTPD bug. Keep me informed.
Yil is offline   Reply With Quote
Old 01-16-2012, 01:01 PM   #4
Sc0tTy
Member
FlashFXP Registered User
 
Join Date: Oct 2007
Posts: 30
Default

[18:57:29] [R] 150 Opening BINARY mode data connection for XXXXX.rXX using SSL/TLS.
[18:57:53] [L] 426- Connection reset
[18:57:53] [L] 426 Connection reset
[18:57:53] [R] 426-.----== ioNiNJA v1.0a ==---------------------------.
[18:57:53] [R] ABOR
[18:57:54] [R] 426-| + CRC-Check: FaileD! |
[18:57:54] [R] 426-`--------------------------------=====-------------'
[18:57:54] [R] 426 Connection closed: SSL library failure (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac).

What i think happens is that the source doesnt see the FXP connection anymore and then breaks it of giving the ioFTPD SSL error

I also found this :
http://stackoverflow.com/questions/3...ultiprocessing

I think i get the error mostly when multiple users are sending...
Any ideas?
Sc0tTy is offline   Reply With Quote
Old 01-17-2012, 01:40 AM   #5
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I believe any non-complete SSL stream can detect that it wasn't properly terminated and will result in a decryption failed error so it's not exactly the most useful error message. Why don't you try and look in the xferlog to see what it says. In particular the number of bytes received could be very useful to know.

The link is meaningless, it's about the python language...
Yil is offline   Reply With Quote
Old 01-17-2012, 04:25 AM   #6
Sc0tTy
Member
FlashFXP Registered User
 
Join Date: Oct 2007
Posts: 30
Default

Tue Jan 17 TIME 2012 14 IPADDRESS 31981568 FILE b _ i r USERNAME ftp 1 USERNAME l

Hmm that byte count is way off the filesize is 100MB
Sc0tTy is offline   Reply With Quote
Old 01-17-2012, 05:07 AM   #7
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

i find i get most ssl erros with any site running drftpd
ArtX is offline   Reply With Quote
Old 01-17-2012, 05:12 AM   #8
Sc0tTy
Member
FlashFXP Registered User
 
Join Date: Oct 2007
Posts: 30
Default

Problems here are with glFTPd and DRFTPd and the bigger the files the frequenter the problems
Sc0tTy is offline   Reply With Quote
Old 01-17-2012, 09:20 PM   #9
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

So you got ~31MB of a 100MB file and it got that far in roughly 24 seconds which meant it was going quite fast so the server didn't time out the connection or anything.

Unfortunately there isn't a simple way to figure out which side is having issues so you'll have to look at a number of things. My suggestion is to start with a memory test on the local server since I've had a few sticks of memory go bad over the years and the way the errors show up can be insidious sometimes. Then rule out the network card / CPU by transferring hundreds of gigs between the server and another local machine or laptop using SSL and use 'netstat -s' from a command prompt before and after to see if anything jumps out such as packet retransmissions or CRC errors. Use multiple transfers to stress things even more. This won't rule out specific SSL algorithm differences (though those OpenSSL guys are pretty savvy) but if you don't find a problem after all that then it's probably not your server and it's the other guys problem or a router between you (they can have memory fail as well).
Yil is offline   Reply With Quote
Old 01-18-2012, 03:57 AM   #10
Sc0tTy
Member
FlashFXP Registered User
 
Join Date: Oct 2007
Posts: 30
Default

I've been in contact with my ISP, it seems that the model modem i have has problems with downloading big files. The will send me a new modem ( and model ) and hopefully this will solve my problems.

I will keep you posted!
Sc0tTy is offline   Reply With Quote
Reply

Tags
connection, ssl, [102111], [111230], [r]

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:15 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)