2.4 Beta 1 fails with AUTH TLS

Think you've found a bug in a BETA version of Cerberus FTP Server? Post a description here.
Locked
krisweir
User
Posts: 13
Joined: Fri Jun 04, 2004 5:19 am
Location: Glasgow, Scotland
Contact:

2.4 Beta 1 fails with AUTH TLS

Post by krisweir » Fri Jan 06, 2006 9:10 am

Testing 2.4 Beta 1 with CuteFTP 7.1 client - setting type to "FTP with SSL" (AUTH SSL - Explicit) on port 21 works fine. For which, many thanks, Grant!
If type is set to "FTP with TLS" (AUTH TLS - Explicit) Cerberus does accept the AUTH TLS command but then fails during negotiation.
Error on Cerberus Server reads: SSL-accept error: a failure in the SSL library occurred - usually a protocol error: non sslv2 initial packet.

I have tried with and without using SSL certificate from the client when authenticating - no change. I don't think this is supported at present anyway (?)
Since TLS is going to be the way of the future, it would be nice to make it work. Any ideas?

Grant - I assume that in the official release it will be possible to set Cerberus to *require* a secure connection? At present the client can choose security level, which I don't trust!

st970742
Posts: 2
Joined: Sun Jan 22, 2006 3:30 pm

SSL issues

Post by st970742 » Mon Jan 23, 2006 1:00 pm

Hey I also tried to use the SSL. I turned it on from the cerberus server and then tried to conect with CORE FTP. If I set core to SSL it works fine, but if I set core to not use SSL, it still conects to cerberus even though I set up the server to use SSL.

Maybe the SSL option is not for requiring SSL, but only turns the feature on. Either way I think there should be an option to require SSL conections.

I've been through all the options to set cerberus to require an SSL conection, but haven't found anything that works. If anyone can think of anything I'm not doing, please let me know.

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Thu Jan 26, 2006 10:09 pm

Hello,

The BETA version doesn't have an option to require SSL. I can put that in the release version.

st970742
Posts: 2
Joined: Sun Jan 22, 2006 3:30 pm

SSL connection not showing sub folder files

Post by st970742 » Thu Jan 26, 2006 11:13 pm

Hey Serin

Thanks for your reply. The requiring SSL option would be cool.

Otherwise I've been using the program more, and it seems when I login using the SSL mode, it doesn't show all the files that are present on my server. It shows the files in the first folder that I open, but then if I try to go down the directory tree by opening a folder, it doesn't show me anything that's in that folder. The only files in my sub folders are more sub folders and .html and .htm . However, I found that if I do a search for the files by name they can be found.

I think this is limited to the SSL connections because when I tried to conect without SSL, I can see all the files without any problem.

Again, I'm using Core FTP as my client incase the problem is limited for some reason to that client only.

krisweir
User
Posts: 13
Joined: Fri Jun 04, 2004 5:19 am
Location: Glasgow, Scotland
Contact:

requiring ssl & tls

Post by krisweir » Fri Jan 27, 2006 8:41 am

Thanks for the reply Grant.
Would it be possible to set the SSL-requirement on a per-user basis in your final release? This would be ideal, as not many of my user accounts have access to confidential material, so encryption would only be required for a select few. (And it's hard enough trying to explain to most users about folder-view and passive-mode on i.e. without getting them all to use a client that supports SSL! - and run it from PCs and MACs...)
Any thoughts on the TLS authentication problem?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Tue May 09, 2006 3:25 pm

The new BETA now supports SSLv3 and TLSv1. Should solve your problems.

krisweir
User
Posts: 13
Joined: Fri Jun 04, 2004 5:19 am
Location: Glasgow, Scotland
Contact:

Post by krisweir » Thu May 11, 2006 6:59 am

Thanks Grant!
You mention in the release notes that there now is an option to require SSL/TLS control and data protection. Where? I can't find it!

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Thu May 11, 2006 9:11 am

The option is interface dependent. Check the interfaces tab of the server manager.

Locked