Columbia Kermit

home *** CD-ROM | disk | FTP | other *** search

/ Columbia Kermit / kermit.zip / newsgroups / misc.20031118-20041115 / 000184_Petri_member@newsguy.com_Sun Apr 11 20:07:10 2004.msg < prev next >

Wrap

Internet Message Format | 2020-01-01 | 4KB

Path: newsmaster.cc.columbia.edu!panix!logbridge.uoregon.edu!newshub.sdsu.edu!tethys.csu.net!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!drn From: Petri <Petri_member@newsguy.com> Newsgroups: comp.protocols.kermit.misc Subject: Re: FTP with Auth SSL Date: 11 Apr 2004 16:46:26 -0700 Organization: Newsguy News Service [http://newsguy.com] Lines: 88 Message-ID: <c5clci0adl@drn.newsguy.com> References: <c5bv8301ck0@drn.newsguy.com> <GWfec.23377$Nn4.4630542@twister.nyc.rr.com> NNTP-Posting-Host: p-467.newsdawg.com X-Newsreader: Direct Read News 4.20 Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14897 In article <GWfec.23377$Nn4.4630542@twister.nyc.rr.com>, Jeffrey Altman says... > Secure Sockets Layer is the name Netscape gave the > protocol when it was proprietary. After it was donated to > the IETF and modified to fix some minor security design issues, > the protocol was renamed to Transport Layer Security. Yes, I am aware of that historical fact. :) The reason I wondered why it complained about TLS when I had specified SSL, is that there seem to exist something called "auth ssl" and "auth tls", which is something I have to specify correctly in my FTP client when connecting to these FTP-servers: http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html > You are not providing enough information to diagnose where > the TLS connection is failing. Sorry, I search the documentation for debug options, and only found "set ftp debug on". > Try turning on debugging: > SET AUTH TLS DEBUG ON Where did you find that? :) It's not mentioned here: http://www.columbia.edu/kermit/ckermit80.html Thanks for the tip! Very strange, if I add that line to the kermit script, I get this output when running the script: ?No keywords match - debug But if I write it at the prompt after the script has run, it is accepted. This output is after having logged in with the script listed earlier and having typed the command above: ---8<--- (/home/petri/) C-Kermit>set auth tls debug on (/home/petri/) C-Kermit>ftp dir ---> TYPE A 200 Type set to A. ---> PASV 227 Entering Passive Mode (127,0,0,1,128,154) ---> LIST 150 Opening ASCII mode data connection for directory listing. =>START SSL connect on DATA SSL_handshake:UNKWN before/connect initialization SSL_connect:UNKWN before/connect initialization SSL_connect:3WCH_A SSLv3 write client hello A SSL_read_alert SSL_connect:failed in 3RSH_A SSLv3 read server hello A ftp: SSL_connect DATA error: error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter (/home/petri/) C-Kermit>exit ---> QUIT 435 Failed TLS negotiation on data channel, disconnected: No such file or directory. SSL_write_alert ---8<--- Also, I failed to note the last time, the following is output at the beginning of the session: ---8<--- 220 FTP-server (glftpd 1.32_Linux+TLS) ready. ---> AUTH SSL 234 AUTH SSL successful SSL accepted as authentication type [TLS - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 Compression: None FTP Command channel is Private (encrypted) ---> PBSZ 0 200 PBSZ 0 successful ---> PROT P 200 Protection set to Private ---8<--- The more detailed debug output seems to indicate something that looks like a protocol failure. I know glftpd isn't exactly a crowning achievement of software engineering, maybe there is a way in C-Kermit to specify a more relaxed ssl/tls negotiation? But of course, FTP sessions work great from FTP clients on both Windows and Linux, so that would rule out fatal server side problems. Is there some configuring in kermit I could try to circumvent this problem? Thanks for your help! Petri