
Project: FlashFXP Bug Reports
ID: 1074
Category: Server Compatibility Issue
Title: Cannot connect to my server past build 3876
Status: Closed (Fixed / Implemented)
Severity: Medium
Version: 5.2

Junior Member
--IP--
09-28-2015, 10:22 AM
Cannot connect to my server past build 3876

Hello.

As of 5.2.0 build 3876, I can no longer connect to my primary server.
5.1.0 build 3861 and older, including version 4, work fine.

I have two servers.

My remote server, running Xlight FTP Server (SFTP) works fine with the latest version.

My local server, running FileCOPA can no longer be reached. Downgrading to build 3861 solves the issue.

https://www.filecopa.com/

I use the latest FileCOPA version 9.01 - September 8th.
They have a trial version too if needed.

Here is the FlashFXP connection log when it worked:

Code:
FlashFXP 5.1.0 (build 3861)
Support Forums https://oss.azurewebsites.net/forum/

Winsock 2.2 -- OpenSSL 1.0.2d 9 Jul 2015
[R] Connecting to Local Server -> DNS=my.server.com IP=x.x.x.x PORT=22
[R] Connected to Local Server
[R] Host key algorithm ssh-RSA, size 4096 bits.
[R] Fingerprint (MD5): 74:ea:65:26:f0:93:e7:4b:12:e6:e5:69:4d:ef:26:7f
[R] Key exchange: diffie-hellman-group-exchange-sha1. Session encryption: aes256-gcm, MAC: aes256-gcm, compression: none.
[R] Auth Type: Public Key
[R] ______________________________________________
[R] 
[R] Local Server Test Message
[R] ______________________________________________
[R]                                                                            
[R] Authentication succeeded
[R] SSH Connection open
[R] Connection established with FileCOPA (SFTP v5)
[R] SFTP Connection Ready
[R] Retrieving directory listing...
[R] List Complete: 876 bytes in 0,17 seconds (0,9 KB/s)

And here is the error:

Code:
FlashFXP 5.2.0 (build 3878)
Support Forums https://oss.azurewebsites.net/forum/

Winsock 2.2 -- OpenSSL 1.0.2d 9 Jul 2015
[R] Connecting to Local Server -> DNS=my.server.com IP=x.x.x.x PORT=22
[R] Connected to Local Server
[R] Host key algorithm ssh-rsa, size 4096 bits.
[R] Fingerprint (MD5): 74:ea:65:26:f0:93:e7:4b:12:e6:e5:69:4d:ef:26:7f
[R] Key exchange: diffie-hellman-group-exchange-sha1. Session encryption: aes256-gcm, MAC: aes256-gcm, compression: none.
[R] Connection failed

For now I'm staying at build 3861, but it's annoying as I have convinced quite a few to go for a FlashFXP license, and now it doesn't work.
FlashFXP Developer
bigstar
09-29-2015, 12:00 PM
Re: Cannot connect to my server past build 3876

Hello,

Thank you for your bug report.

I am currently investigating this issue and I will post back when I have an update on this issue.
FlashFXP Developer
bigstar
09-29-2015, 02:09 PM
Re: Cannot connect to my server past build 3876

I am still investigating this problem but I wanted to give you a status update.

There appears to be a compatibility issue with the AES GCM cipher/mac.

As a temporary solution you can uncheck these to work around the problem.
FlashFXP Developer
bigstar
09-29-2015, 02:19 PM
Re: Cannot connect to my server past build 3876

Another update...

It appears that FileCOPA is using a library from SecureBlackBox for the server engine; this just so happens to be the same one we use for the SSH/SFTP client.

I can't tell what version/build they're using but I suspect it might be SBB v12, which added aes-gcm, and SBB v13 introduced aes-gcm-OpenSSH.

Maybe there are some unexpected compatibility issues between SBB v12 SFTP servers and SBB v13 clients.
FlashFXP Developer
bigstar
09-29-2015, 05:02 PM
Re: Cannot connect to my server past build 3876

I believe I found a problem in the SecureBlackBox library.

The AES GCM cipher is using the wrong AEAD logic; it's using the AEAD logic for AES GCM@OpenSSH while both are different.

I am waiting to hear back from Eldos to confirm that this is in fact the case.

In the meantime I have modified the SecureBlackBox library to correct the problem and confirmed it works with FileCOPA.

You can download the new dev build from ffxp5.2.0.3879.zip

Unzip the flashfxp.exe and replace the flashfxp.exe in your FlashFXP program folder.
Junior Member
--IP--
09-30-2015, 11:49 AM
Re: Cannot connect to my server past build 3876

Thanks for already investigating it.
I have been busy and haven't had time to try the workaround, but I just tried the fixed executable on top of the 3878 installation and now it works great.
I'm looking forward to seeing what else you find out.

Great stuff so far at any rate. Both thumbs up for you and FlashFXP.
FlashFXP Developer
bigstar
10-01-2015, 07:24 AM
Re: Cannot connect to my server past build 3876

I just got an update on the issue from Ken Ivanov @ Eldos and he confirmed that the AES-GCM cipher was equalized to use the same logic as the AES-GCM@OPENSSH.COM cipher which results in the connection failure.

My fix by reverting the AES-GCM cipher to use the logic from SBB v12 was correct and Ken said that Eldos will address this issue in their next SBB update.

I will be releasing a public FlashFXP update in the next day or two that includes this change.
Junior Member
--IP--
10-01-2015, 02:07 PM
Re: Cannot connect to my server past build 3876

Great. Thanks for nailing it. I'll grab the update whenever it's ready.
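
A triage sketch for connection logs like the two in the first post, added here as an example (it is not part of the thread and not FlashFXP code): it reports the last handshake stage a session reached and the negotiated algorithms, and points to the developer's workaround when a session fails right after negotiating an AES-GCM cipher/MAC. The stage markers and the `triage` function are assumptions derived from the log lines quoted above; the sample logs are constructed from them.

```python
import re

# Constructed sample: the failing session from the first post, abridged.
FAILING_LOG = """\
[R] Connecting to Local Server -> DNS=my.server.com IP=x.x.x.x PORT=22
[R] Connected to Local Server
[R] Host key algorithm ssh-rsa, size 4096 bits.
[R] Key exchange: diffie-hellman-group-exchange-sha1. Session encryption: aes256-gcm, MAC: aes256-gcm, compression: none.
[R] Connection failed
"""
# Constructed sample: same negotiation, but authentication goes through.
WORKING_LOG = FAILING_LOG.replace(
    "[R] Connection failed",
    "[R] Auth Type: Public Key\n[R] Authentication succeeded\n[R] SSH Connection open")

NEGOTIATED = re.compile(
    r"Key exchange: (?P<kex>\S+?)\. Session encryption: (?P<cipher>[^,]+), "
    r"MAC: (?P<mac>[^,]+), compression: (?P<comp>[^.\s]+)")

# Ordered handshake stages and the log text assumed to mark each one.
STAGES = [("tcp", "Connected to"), ("hostkey", "Host key algorithm"),
          ("negotiated", "Key exchange:"), ("auth", "Authentication succeeded"),
          ("session", "SSH Connection open")]

def triage(log):
    """Return last stage reached, negotiated algorithms and a workaround hint."""
    body = [l[3:].strip() for l in log.splitlines() if l.startswith("[R]")]
    reached = [name for name, marker in STAGES if any(marker in l for l in body)]
    failed = "Connection failed" in body
    match = next((m for m in map(NEGOTIATED.search, body) if m), None)
    algos = match.groupdict() if match else {}
    hint = None
    if failed and reached and reached[-1] == "negotiated":
        # The symptom in this ticket: algorithms agreed, then failure before
        # authentication. With an AES-GCM cipher/MAC, try the workaround first.
        if any("gcm" in algos.get(k, "").lower() for k in ("cipher", "mac")):
            hint = "disable the AES-GCM cipher/MAC in the client and retry"
    return {"last_stage": reached[-1] if reached else None,
            "failed": failed, "algos": algos, "hint": hint}

if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, triage(log))
```

A failure at the `negotiated` stage with identical host key and algorithms on both builds is what separates this kind of cipher interoperability problem from a credential or host-key problem.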