
ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Old 11-06-2003, 12:32 PM   #1
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default ssl key problem (yep, again)

used package from http://www.ioftpd.com/board/showthre...ght=generating to generate a key

key generated successfully, imported successfully, all settings are checked (server auth etc) successfully.

ioftpd.ini: (tried 1st time)

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = TLS/SSL3/SSL2/SSL1/SSL
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384


ioftpd.ini: (tried 2nd time)

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = TLS
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384


blabla.mine.nu is edited and yes, it's the right dns of the server and yes, it's the same as the name of the certificate.

both dlls are installed in ffxp, ffxp is the newest one...


[18:18:46] Negotiating SSL/TLS session...
[18:18:46] Ident Request: xxx.xxx.xxx.xxx
[18:19:02] Connection failed (Connection lost)


[18:19:53] Negotiating SSL/TLS session...
[18:20:09] Connection failed (Connection lost)


[18:20:16] 220 :: xxx ready to serve ::
[18:20:16] AUTH SSL
[18:20:16] 504 AUTH SSL unsupported.
[18:20:16] Failed SSL/TLS negotiation, disconnected
[18:20:16] Connection failed (Connection lost)


[18:20:28] 220 :: xxx ready to serve ::
[18:20:28] AUTH TLS
[18:20:28] 504 AUTH TLS unsupported.
[18:20:28] Failed SSL/TLS negotiation, disconnected
[18:20:28] Connection failed (Connection lost)


config is rehashed, server restarted... still same crap
no problems with connecting w/o SSL

Please show me the right path

My mission : connect to ftp through TCL at at least 128b. ( not for transferring files)
wooolF[RM] is offline   Reply With Quote
Old 11-06-2003, 12:34 PM   #2
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

Try with only 'one' encryption protocol.

Code:
Encryption_Protocol     = SSL3
Harm is offline   Reply With Quote
Old 11-06-2003, 12:45 PM   #3
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

when using :

Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384

(cfg rehashed, server restarted)


Implicit :
[18:41:04] Negotiating SSL/TLS session...
[18:41:20] Connection failed (Connection lost)


Auth SSL:
[18:41:34] 220 :: xxx ready to serve ::
[18:41:34] AUTH SSL
[18:41:34] 504 AUTH SSL unsupported.
[18:41:34] Failed SSL/TLS negotiation, disconnected
[18:41:34] Connection failed (Connection lost)


Auth TLS:
[18:42:12] Ident Request: xxx.xxx.xxx.xxx
[18:42:12] 220 :: xxx ready to serve ::
[18:42:12] AUTH TLS
[18:42:12] 504 AUTH TLS unsupported.
[18:42:12] Failed SSL/TLS negotiation, disconnected
[18:42:12] Connection failed (Connection lost)

wooolF[RM] is offline   Reply With Quote
Old 11-06-2003, 12:51 PM   #4
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

You might also want to remove '[*registered version*]' from your Certificate_Name line.
Harm is offline   Reply With Quote
Old 11-06-2003, 12:54 PM   #5
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

btw the bat I've used to create my certificate is:
Code:
@echo off
echo This batch will generate an SChannel compatible RSA 1024bits key for your ioFTPD
echo -----
set temphost=
set /P temphost=Please enter your server's hostname (example: xxx.dyndns.org):
echo Please Wait ... generating new certificate
echo -----
makecert.exe -r -n CN=%temphost% -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -a sha1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ioftpd.cer
echo -----

pause
now what I think of is... shouldn't I change that sha1 to tls/md5/ssl3? Original help file from ioFTPD uses md5 as I see...
wooolF[RM] is offline   Reply With Quote
Old 11-06-2003, 12:59 PM   #6
Harm
Too much time...
Ultimate Scripter
 
Join Date: Jul 2003
Posts: 1,430
Default

Try this nice certificate generator created by StarDog:
http://www.ioftpd.com/board/showthre...=7981#post7981
Harm is offline   Reply With Quote
Old 11-06-2003, 01:00 PM   #7
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

Auth SSL:

[18:56:35] 220 :: xxx ready to serve ::
[18:56:35] AUTH SSL
[18:56:35] 234 AUTH SSL successful.
[18:56:35] Negotiating SSL/TLS session...
[18:56:35] SSL/TLS negotiation successful...
[18:56:35] SSL/TLS connection using cipher RC4-MD5 (128 bits)
[18:56:38] PBSZ 0
[18:56:38] 200 PBSZ 0 successful.


worked after I removed that [reg version]
THNX for the tip Harm and prolly a good idea to add this to the documentation
wooolF[RM] is offline   Reply With Quote
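
Added example, not part of the thread or of ioFTPD: a small Python lint for the SSL keys in the ioftpd.ini fragments quoted above. It flags the Certificate_Name annotation that post #7 found to be the cause, more than one Encryption_Protocol value (post #2), legacy SSL protocol versions, and a Min_Cipher_Strength below the 128-bit goal from post #1. The finding codes, the `store_subjects` parameter and the exact-match rule for the certificate name are assumptions of this example.

```python
import re

# Constructed sample: the first ioftpd.ini attempt quoted in this thread.
SAMPLE_INI = """\
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = blabla.mine.nu [*registered version*]
Explicit_Encryption = True
Encryption_Protocol = TLS/SSL3/SSL2/SSL1/SSL
Min_Cipher_Strength = 56
Max_Cipher_Strength = 384
"""

BARE_NAME = re.compile(r"^[\w.-]+$")  # one token: no spaces, no bracketed notes


def parse_ini(text):
    """Return {key: value} for every 'key = value' line; the last one wins."""
    settings = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def lint(settings, store_subjects=()):
    """Return sorted finding codes (hypothetical names) for the SSL keys."""
    findings = set()
    name = settings.get("Certificate_Name", "")
    if not BARE_NAME.match(name):
        findings.add("CERT_NAME_NOT_BARE")  # the mistake fixed in post #7
    elif store_subjects and name not in store_subjects:
        findings.add("CERT_NAME_NOT_IN_STORE")  # assumes exact CN match
    protocols = [p for p in settings.get("Encryption_Protocol", "").split("/") if p]
    if len(protocols) != 1:
        findings.add("PROTOCOL_NOT_SINGLE")  # post #2: use only one
    if any(p.upper() != "TLS" for p in protocols):
        findings.add("LEGACY_SSL_PROTOCOL")  # SSL2/SSL3 are deprecated
    try:
        if int(settings.get("Min_Cipher_Strength", "0")) < 128:
            findings.add("MIN_CIPHER_BELOW_128")  # the poster's 128-bit goal
    except ValueError:
        findings.add("MIN_CIPHER_NOT_NUMERIC")
    return sorted(findings)


if __name__ == "__main__":
    for code in lint(parse_ini(SAMPLE_INI)):
        print(code)
```

Pass the subject names listed in the certificate store of the account that runs ioFTPD as `store_subjects` to also catch a name that is well-formed but has no matching certificate.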
Old 11-06-2003, 01:01 PM   #8
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

Quote:
Originally posted by Harm
Try this nice certificate generator created by StarDog:
http://www.ioftpd.com/board/showthre...=7981#post7981
it's same package that I used (linked to it in 1st post)
wooolF[RM] is offline   Reply With Quote
Old 11-01-2004, 12:30 PM   #9
Pretone
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Aug 2004
Posts: 109
Default

Where must I put the .cer file?
Pretone is offline   Reply With Quote
Old 11-01-2004, 12:41 PM   #10
mr_F_2
Senior Member
 
Join Date: Jan 2004
Posts: 203
Default

Quote:
Originally posted by Pretone
Where must I put the .cer file?
you must install the certs to your certificate store (doubleclick and click next a bunch of times) .. but you also need registered version
mr_F_2 is offline   Reply With Quote
Old 11-03-2004, 10:17 AM   #11
Hor0
Junior Member
 
Join Date: Oct 2004
Posts: 2
Default

Don't forget that to use SSL you must run ioftpd under the same account that registered the certificate.
And for your SSL problem, try with your computername.

Code:
makecert.exe -r -n "CN=%computername%" -b 01/01/2004 -e 01/01/2010 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sk %computername% -a md5 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ioftpd.cer
For example.
And put your "%computername%" in your ioftpd.ini
(%computername% is a windows variable)

Code:
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = your_computer_name
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 256
And run the ioftpd.exe with the same account that created and imported the certificate.
Hor0 is offline   Reply With Quote
Old 11-03-2004, 01:11 PM   #12
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Jul 2004
Posts: 187
Default

in some cases it won't work with your hostname as certificate-name...

try this:

Certificate_Name = localhost
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 11-04-2004, 03:45 AM   #13
scull
Senior Member
ioFTPD Scripter
 
Join Date: May 2003
Posts: 159
Default

Hi ..

I got problems with XP SP2 and generating key with stardogs .bat file .. At my XP SP1 there is no problem .. Any ideas ?

// Scull
scull is offline   Reply With Quote