Path: newsmaster.cc.columbia.edu!panix!logbridge.uoregon.edu!newshub.sdsu.edu!tethys.csu.net!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!drn
From: Petri <Petri_member@newsguy.com>
Newsgroups: comp.protocols.kermit.misc
Subject: Re: FTP with Auth SSL
Date: 11 Apr 2004 16:46:26 -0700
Organization: Newsguy News Service [http://newsguy.com]
Lines: 88
Message-ID: <c5clci0adl@drn.newsguy.com>
References: <c5bv8301ck0@drn.newsguy.com> <GWfec.23377$Nn4.4630542@twister.nyc.rr.com>
NNTP-Posting-Host: p-467.newsdawg.com
X-Newsreader: Direct Read News 4.20
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14897

In article <GWfec.23377$Nn4.4630542@twister.nyc.rr.com>, Jeffrey Altman says...
> Secure Sockets Layer is the name Netscape gave the
> protocol when it was proprietary. After it was donated to
> the IETF and modified to fix some minor security design issues,
> the protocol was renamed to Transport Layer Security.
Yes, I am aware of that historical fact. :)
The reason I wondered why it complained about TLS when I had specified SSL, is
that there seems to exist something called "auth ssl" and "auth tls", which is
something I have to specify correctly in my FTP client when connecting to these
FTP-servers:
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
> You are not providing enough information to diagnose where
> the TLS connection is failing.
Sorry, I searched the documentation for debug options, and only found "set ftp
debug on".
> Try turning on debugging:
> SET AUTH TLS DEBUG ON
Where did you find that? :)
It's not mentioned here:
http://www.columbia.edu/kermit/ckermit80.html
Thanks for the tip!
Very strange, if I add that line to the kermit script, I get this output when
running the script:
?No keywords match - debug
But if I write it at the prompt after the script has run, it is accepted.
This output is after having logged in with the script listed earlier and having
typed the command above:
---8<---
(/home/petri/) C-Kermit>set auth tls debug on
(/home/petri/) C-Kermit>ftp dir
---> TYPE A
200 Type set to A.
---> PASV
227 Entering Passive Mode (127,0,0,1,128,154)
---> LIST
150 Opening ASCII mode data connection for directory listing.
=>START SSL connect on DATA
SSL_handshake:UNKWN before/connect initialization
SSL_connect:UNKWN before/connect initialization
SSL_connect:3WCH_A SSLv3 write client hello A
SSL_read_alert
SSL_connect:failed in 3RSH_A SSLv3 read server hello A
ftp: SSL_connect DATA error: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3
alert illegal parameter
(/home/petri/) C-Kermit>exit
---> QUIT
435 Failed TLS negotiation on data channel, disconnected: No such file or
directory.
SSL_write_alert
---8<---
Also, I failed to note the last time, the following is output at the beginning
of the session:
---8<---
220 FTP-server (glftpd 1.32_Linux+TLS) ready.
---> AUTH SSL
234 AUTH SSL successful
SSL accepted as authentication type
[TLS - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
Compression: None
FTP Command channel is Private (encrypted)
---> PBSZ 0
200 PBSZ 0 successful
---> PROT P
200 Protection set to Private
---8<---
The more detailed debug output seems to indicate something that looks like a
protocol failure.
I know glftpd isn't exactly a crowning achievement of software engineering,
maybe there is a way in C-Kermit to specify a more relaxed ssl/tls negotiation?
But of course, FTP sessions work great from FTP clients on both Windows and
Linux, so that would rule out fatal server side problems.
Is there some configuring in kermit I could try to circumvent this problem?
Thanks for your help!
Petri
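
Added example (not part of the post above and not C-Kermit code): a Python script that pulls the diagnostic facts out of the quoted debug output, namely the control-channel cipher with its Au= field, the PASV data endpoint, and the OpenSSL error code decoded with the pre-3.0 lib/function/reason packing. The sample text is assembled from lines of the post's transcript (wrapped error line rejoined); the function names are illustrative.

```python
import re

# Constructed sample: lines taken from the transcript in the post,
# with the wrapped error line rejoined into one line.
TRANSCRIPT = """\
[TLS - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
---> PBSZ 0
200 PBSZ 0 successful
---> PROT P
200 Protection set to Private
---> PASV
227 Entering Passive Mode (127,0,0,1,128,154)
---> LIST
150 Opening ASCII mode data connection for directory listing.
=>START SSL connect on DATA
SSL_connect:failed in 3RSH_A SSLv3 read server hello A
ftp: SSL_connect DATA error: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
"""

def decode_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarize(transcript):
    """Extract the facts needed to localize the failure."""
    out = {}
    m = re.search(r"^\[TLS - (\S+) .*?Kx=(\S+)\s+Au=(\S+)", transcript, re.M)
    if m:
        out["cipher"], out["kx"], out["auth"] = m.groups()
        # Au=None means the key exchange did not authenticate the server.
        out["server_authenticated"] = m.group(3) != "None"
    m = re.search(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", transcript, re.M)
    if m:
        n = [int(x) for x in m.groups()]
        # PASV reply: four address octets, then port as high byte, low byte.
        out["data_endpoint"] = ("%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5])
    m = re.search(r"SSL_connect (\w+) error: error:([0-9A-Fa-f]{8}):", transcript)
    if m:
        out["failed_channel"] = m.group(1)
        out["openssl_error"] = decode_openssl_error(m.group(2))
        reason = out["openssl_error"][2]
        # SSL reasons above 1000 are alerts sent by the peer (1000 + alert number).
        out["peer_alert"] = reason - 1000 if reason > 1000 else None
    # PROT P accepted: the server expects TLS on the data connection too.
    out["prot_p"] = bool(re.search(r"^---> PROT P\n200 ", transcript, re.M))
    return out

if __name__ == "__main__":
    for key, value in summarize(TRANSCRIPT).items():
        print(key, "=", value)
```

On the sample this reports the failure on the DATA channel with peer alert 47 (illegal_parameter), after a control channel that negotiated an anonymous-DH suite and accepted PROT P.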