home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.20031118-20041115
/
000189_Petri_member@newsguy.com_Mon Apr 12 16:35:33 2004.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
4KB
Path: newsmaster.cc.columbia.edu!iad-feed.news.verio.net!peer1.stngva01.us.to.verio.net!news.verio.net!newsfeed3.dallas1.level3.net!news.level3.com!newsfeed1.easynews.com!easynews.com!easynews!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!drn
From: Petri <Petri_member@newsguy.com>
Newsgroups: comp.protocols.kermit.misc
Subject: Re: FTP with Auth SSL
Date: 12 Apr 2004 11:17:39 -0700
Organization: Newsguy News Service [http://newsguy.com]
Lines: 77
Message-ID: <c5emg3093u@drn.newsguy.com>
References: <c5bv8301ck0@drn.newsguy.com> <GWfec.23377$Nn4.4630542@twister.nyc.rr.com> <c5clci0adl@drn.newsguy.com> <407A073D.7040004@nyc.rr.com> <c5d66301vto@drn.newsguy.com> <407A990B.3040105@nyc.rr.com>
NNTP-Posting-Host: p-950.newsdawg.com
X-Newsreader: Direct Read News 4.20
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14902
In article <407A990B.3040105@nyc.rr.com>, Jeffrey Altman says...
>Petri wrote:
>>> A firewall is dropping the connection after the initial client
>>> hello is sent.
>> There are no firewalls passed in the session above.
>> In fact, it is run against localhost.
>> If I instead use the local ftp client of redhat 9, it works.
>> If I connect with any ftp client (except kermit) from remote hosts,
>> it works.
> Does the local ftp client support AUTH TLS or AUTH SSL?
I dunno.
I'm not the admin of that server, and my experience is more with Windows than
Linux anyway.
I do know that encryption is enforced on the glftd-server, I can see it in the
conf-file.
> Does the local ftp client encrypt the DATA channel?
The assumption would be yes, since data transfers are required to be encrypted
by the glftpd-server.
> Kermit is negotiating the command channel SSLv3 session just fine.
> When it attempts to negotiate the data channel SSLv3 session it
> sends a request to the server looking to reuse the existing session.
> The SSLv3 client hello message is sent and the socket becomes
> invalid.
> The socket is being closed.
Brr, it sounds less and less like there's an easy solution.
Is it possible that Kermit follows the IETF specs super-strict (as everyone
should, of course), but there is software out there that is much more relaxed in
their implementation of Auth TLS/SSL?
Is there some way to tell Kermit to be less strict?
> If this is not from a firewall, another possibility is that the ftpd
> is core dumping.
Not that either, sorry. :(
This FTP-server has had a total traffic of 9.75 TByte since it was deployed.
All that traffic has been encrypted.
There are other sessions continously ongoing as I am doing my testing.
I caught a couple of encrypted FTP-sessions to the server from a computer at the
office with Sniffer Pro, just to make sure that both control- and data-sessions
are encrypted.
And they are, and it works, as always.
I used Auth SSL with Cute FTP Pro, and Auth TLS with FlashFXP.
I unfortunately do not have any Linux systems available at the office, so I
can't sniff a remote C-Kermit session to compare.
I do have an ancient K-95 lying around, still packed into a box somewhere since
the last office move.
I think it was V1.1.18.
If it supports Auth SSL or Auth TLS, I can sniff a session with it.
Not much to see in comparison I guess since the sessions are encrypted, unless I
catch a cleartext error message from either side that could shed more light on
the situation.
Sorry to be such a nuisance. :(
I still believe that there is some simple setting that I have missed, that you
perhaps are assuming that I know of and have set.
This is my first encounter with FTP SSL/TLS.
I usually automate HTTP, FTP, SFTP and various COM-sessions with Perl.
This whole TLS business seems a bit odd to me, the page I posted a link to
earlier, seems to indicate that there are various issues and minor
incompatibilites involved between different implementations.
I'll gladly take any tips that you can share.
Petri