kermit.columbia.edu

home *** CD-ROM | disk | FTP | other *** search

/ kermit.columbia.edu / kermit.columbia.edu.tar / kermit.columbia.edu / newsgroups / misc.20020314-20021006 / 000105_jaltman@watsun.cc.columbia.edu_Fri May 31 09:32:17 EDT 2002.msg < prev next >

Wrap

Text File | 2002-10-06 | 4KB | 85 lines

Article: 13398 of comp.protocols.kermit.misc Path: newsmaster.cc.columbia.edu!watsun.cc.columbia.edu!jaltman From: jaltman@watsun.cc.columbia.edu (Jeffrey Altman) Newsgroups: comp.protocols.kermit.misc Subject: Re: Kermit SSL/TLS Error?? Date: 31 May 2002 10:27:45 GMT Organization: Columbia University Lines: 68 Message-ID: <ad7j71$755$1@newsmaster.cc.columbia.edu> References: <fZxJ8.43814$6v2.1770330@twister.southeast.rr.com> <ad6nke$6ca$1@newsmaster.cc.columbia.edu> <TnCJ8.44200$6v2.1824853@twister.southeast.rr.com> NNTP-Posting-Host: watsun.cc.columbia.edu X-Trace: newsmaster.cc.columbia.edu 1022840865 7333 128.59.39.2 (31 May 2002 10:27:45 GMT) X-Complaints-To: postmaster@columbia.edu NNTP-Posting-Date: 31 May 2002 10:27:45 GMT Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:13398 The problem is in the processing of their SSL/TLS Server Hello message so they probably have a bug in their implementation of RFC 2246. We are never getting to the point in the SSL/TLS handshake where certificates are used. We are simply waiting for them to indicate which cipher suites to negotiate. You are going to have to figure out this problem with their technical support in conjunction with the openssl-users@openssl.org mailing list. Subscribe at http://www.openssl.org. The problem you are facing is not in C-Kermit. It is apparently an incompatibility between the version of OpenSSL you are using and the SSL/TLS implementation used by WS_FTPD. In article <TnCJ8.44200$6v2.1824853@twister.southeast.rr.com>, Eric Almond <eric672@carolina.rr.comTRASH> wrote: : As far as the cipher suites go...I'm not sure and I couldn't find anything : in the release notes or manual for WS_FTP denoting specific ciphers. I did : find this document on their knowledgebase...don't know if it helps any. : : Question/Problem: What RFC is implemented for the SSL support in WS_FTP Pro : and WS_FTP Server? : : Answer/Solution: The mechanism that can be used by FTP clients and servers : to implement security and authentication using the TLS protocol is defined : by [RFC-2246] and the extensions to the FTP protocol defined by [RFC-2228] : as described by Ford-Hutchinson, Carpenter, Hudson, Murray & Wiegand in : their internet draft dated January 26, 2000. : : I'll call IPSwitch's support line tomorrow to see if I can get specific info : for you... : : Here is the script I'm running. As you can see its pretty basic stuff... : : #!/opt/kermit/bin/kermit + : : SET AUTH TLS VERBOSE ON : SET AUTH SSL VERBOSE ON : SET AUTH TLS DEBUG ON : SET AUTH SSL DEBUG ON : SET FTP VERBOSE ON : SET FTP DEBUG ON : SET AUTH SSL VERIFY-FILE /opt/kermit/certs/ca_certs.pem : SET FTP AUTOLOGIN ON ; default setting : SET FTP AUTHTYPE TLS SSL : ;SET FTP AUTOAUTHENTICATION ON ; default setting : ;SET FTP AUTOENCRYPTION ON ; default setting : ;SET FTP COMMAND-PROTECTION-LEVEL PRIVATE ; default setting : ;SET FTP DATA-PROTECTION-LEVEL PRIVATE ; default setting : : if not defined \%1 exit 1 Usage: \%0 filename : if not exist \%1 exit 1 \%1: File not found : if not readable \%1 exit 1 \%1: File not readable : : ftp open ftp.xxxxx.com 21 /user:Anonymous /password:xxx@xxxxx.com : if fail exit 1 Connection failed : if not \v(ftp_loggedin) exit 1 Login failed : ftp cd /upload : if fail exit 1 ftp cd upload: \v(ftp_message) : ftp put \%1 : if fail exit 1 ftp put \%1: \v(ftp_message) : ftp bye : exit : Jeffrey Altman * Sr.Software Designer Kermit 95 1.1.21 available now!!! The Kermit Project @ Columbia University SSH plus Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP, and kermit-support@columbia.edu OpenSSL.