Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 10-05-2007, 02:41 PM   #1
odd
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 273
Default Question about FXP SSL

Can you ssl fxp from ioftpd 6.2.1 - ioftpd 5.8.5r?

I tried myslef recently with no success. Did I do something wrong or do I need v.6 on both?

I know, I have alot caching up to do.
odd is offline   Reply With Quote
Old 10-05-2007, 04:59 PM   #2
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Heya odd. ioFTPD 5.x can only SSL in a server role, therefor there is no way for two 5.x servers to FXP over SSL. Since you have a v6 ioFTPD this should work.

If you're using FlashFXP make sure you enable FXP SSL for both sites. I think Flash properly recognizes that one site (the v6 one) supports SSCN to configure client mode so it will do that and let the other default to a server role. Things should just work.

If it doesn't just work, try disconnecting from both sites and reconnect with the sides switched. So if site A was on the left, site B was on the right connect with B on the left this time. This can reverse the client/server roles for the two sites... I think that's what I did way back when I tested v5 talking to v6 and it didn't work at first. I think FlashFXP got smarter since then though.

Last edited by Yil; 10-05-2007 at 07:12 PM.
Yil is offline   Reply With Quote
Old 10-06-2007, 06:33 AM   #3
odd
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 273
Default

Thank you for your help but Iam still haveing problem.

This is what ive found out so far.

It only works If I do a transfer from ioftpd v.6.2.1 - ioftpd v.5.8.5r. If I do the opposite way it wont work(ioftpd v.5.8.5r - ioftpd v.6.2.1).

It looks like i need to get SSCN on and it only works If I do a transfere from v6 to v5 first. When Ive done a this transfer I can transfer both way v5-v6 and v6-v5.
Code:
[13:53:08] TYPE I
[13:53:08] 200 Type set to I.
[13:53:08] SSCN ON
[13:53:08] 200 SSCN:CLIENT METHOD
[13:53:08] PASV
[13:53:08] 227 Entering Passive Mode (000,000,000,001,117,86)
[13:53:08] PORT 000,000,000,001,117,86
[13:53:08] 200 PORT command successful.
[13:53:08] STOR file.r08
[13:53:09] 150 Opening BINARY mode data connection for file.r08.
[13:53:09] RETR file.r08
[13:53:09] 150 Opening BINARY mode data connection for file.r08.
[13:53:10] Transferred: file.r08 14,31 MB in 1,41 second (10 418,5 KB/s)
This is what happens If I do the opposite(v5 to v6) first
Code:
[13:58:03] TYPE I
[13:58:03] 200 Type set to I.
[13:58:03] TYPE I
[13:58:03] 200 Type set to I.
[13:58:03] CPSV
[13:58:03] 500 'CPSV': Command not understood
[13:58:03] Secure site to site transfers not supported by this ftp server
[13:58:03] Transfer Failed!
[13:58:03] 1 File failed to transfer
[13:58:03] Server Error, Aborted
Any ideas?

Last edited by odd; 10-06-2007 at 07:03 AM.
odd is offline   Reply With Quote
Old 10-06-2007, 02:25 PM   #4
Zer0Racer
Senior Member
ioFTPD Scripter
 
Join Date: Oct 2002
Posts: 703
Default

ioFTPD v5.x can only receive ssl fxp, not send. So when you fxp from ioFTPD v6.x to v5.x it should be encrypted - but when you do it the other way around (and have "Secure Site To Site Transfers" enabled for both) you will get that error message since v5.x cannot initiate the ssl transfer (just receive).

When the fxp works from v5.x to v6.x the data is not encrypted.

/ZR
Zer0Racer is offline   Reply With Quote
Old 10-06-2007, 07:04 PM   #5
odd
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 273
Default

Quote:
Originally Posted by Zer0Racer View Post
ioFTPD v5.x can only receive ssl fxp, not send. So when you fxp from ioFTPD v6.x to v5.x it should be encrypted - but when you do it the other way around (and have "Secure Site To Site Transfers" enabled for both) you will get that error message since v5.x cannot initiate the ssl transfer (just receive).

When the fxp works from v5.x to v6.x the data is not encrypted.

/ZR
So to be clear. I need v6 on both sides to be able to encrypt data transfers both ways and only v6 can fxp to v5 not the opposite way.

I change the settings in ioftpd.ini on the v6-site so it forces everyone to use SSL3 when transfering data, so it should be impossible to transfer unencrypted data. Here is what happens.
Impossible to fxp from v6 to v5 from now on.

Any ideas? and is it only me that are haveing problems getting ssl-fxp to work on v6?

Here is the log:
Code:
[01:46:30] TYPE I
[01:46:30] 200 Type set to I.
[01:46:30] TYPE I
[01:46:30] 200 Type set to I.
[01:46:30] SSCN ON
[01:46:30] 200 SSCN:CLIENT METHOD
[01:46:30] PASV
[01:46:30] 227 Entering Passive Mode (000,000,000,000,117,65)
[01:46:30] PORT 000,000,000,000,117,65
[01:46:30] 200 PORT command successful.
[01:46:30] STOR file.r22
[01:46:30] 150 Opening BINARY mode data connection for file.r22.
[01:46:30] RETR file.r22
[01:46:30] 150 Opening BINARY mode data connection for file.r22.
[01:46:30] 426 Connection closed: The specified network name is no longer available.
[01:46:30] ABOR
[01:46:30] 426 Connection closed: Incorrect function.
[01:46:30] 226 ABOR command successful.
[01:46:30] ABOR
[01:46:30] 226 ABOR command successful.
[01:46:31] Transfer Failed!
odd is offline   Reply With Quote
Old 10-06-2007, 09:38 PM   #6
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Actually Zero I think it's possible to have totally encrypted FXP between v5 and v6. The trick is you need to get flash to set the v6 to act as a client (which is what SSCN does for all transfers) or to act in receiver role.

If you do a v6->v5 which is what odd did, Flash figures out only one site supports SSCN so it enables client mode on that site, and from then on everything works great in BOTH directions which is again what appears to be happening. v5->v6 first and Flash didn't do the right thing. It looks like it tried to use CPSV on v5 which is a dumb thing to do since v5 never advertised support for the command in a FEAT response since v5 doesn't support that either. Is this the latest version of Flash? Like I said I think older versions didn't do as well as newer versions.

Also, did you try switching sides? It sounds silly, but because I think Flash interprets the client/server role differently depending on the side you queue the transfer on it really might make a difference.

For the moment just make sure you send a 1k file or something from v6 to v5 first and from then on everything should work fine
Yil is offline   Reply With Quote
Old 10-07-2007, 06:13 AM   #7
odd
Senior Member
ioFTPD Registered User
 
Join Date: Sep 2003
Posts: 273
Default

Quote:
Originally Posted by Yil View Post
Is this the latest version of Flash? Like I said I think older versions didn't do as well as newer versions.
Ive tried latest beta(FlashFXP V 3.5.1(build 1200) [3.6 RC1]) and v3.4.0 I think i was with no success.

Quote:
Originally Posted by Yil View Post
Also, did you try switching sides? It sounds silly, but because I think Flash interprets the client/server role differently depending on the side you queue the transfer on it really might make a difference.
Have tried this also with no success.

Quote:
Originally Posted by Yil View Post
For the moment just make sure you send a 1k file or something from v6 to v5 first and from then on everything should work fine
This doesnt work anymore. Since I forced everyone to use encryption when transfereing data with the command in ioftpd.ini I havent been able to fxp anymore. Everytime it fails.
When it worked before it had to be unencrypted.

FlashFXP V 3.5.1(build 1200) [3.6 RC1]
IP: 111.111.111.111 is ioFTPD V.6.2.1
IP: 222.222.222.222 is ioFTPD V.5.8.5r

I have, as said before forced users to use secure data transfers in ioftpd.ini with following settings:
Require_Encrypted_Auth = !MS *
Require_Encrypted_Data = *

Code:
[12:59:02] [L] TYPE I
[12:59:02] [L] 200 Type set to I.
[12:59:02] [R] TYPE I
[12:59:02] [R] 200 Type set to I.
[12:59:02] [L] SSCN ON
[12:59:02] [L] 200 SSCN:CLIENT METHOD
[12:59:02] [L] PASV
[12:59:02] [L] 227 Entering Passive Mode (111,111,111,111,117,83)
[12:59:02] [R] PORT 111,111,111,111,117,83
[12:59:02] [R] 200 PORT command successful.
[12:59:02] [R] STOR file.r00
[12:59:02] [R] 150 Opening BINARY mode data connection for file.r00.
[12:59:02] [L] RETR file.r00
[12:59:02] [L] 150 Opening BINARY mode data connection for file.r00.
[12:59:02] [L] 426 Connection closed: Incorrect function.
[12:59:02] [L] ABOR
[12:59:02] [R] 426 Connection closed: The specified network name is no longer available.
[12:59:02] [L] 226 ABOR command successful.
[12:59:02] [R] ABOR
[12:59:02] [R] 226 ABOR command successful.
[12:59:02] [R] Transfer Failed!
[12:59:02] [L] TYPE A
[12:59:02] [L] 200 Type set to A.
[12:59:02] [L] PASV
[12:59:02] [L] 227 Entering Passive Mode (111,111,111,111,117,60)
[12:59:02] [L] Opening data connection IP: 111,111,111,111 PORT: 30012
[12:59:02] [L] LIST -al
[12:59:02] [L] Connected. Negotiating SSL session..
[12:59:02] [L] SSL negotiation successful...
[12:59:02] [L] SSL encrypted session using cipher RC4-MD5 (128 bits)
[12:59:02] [L] 150 Opening ASCII mode data connection for directory listing.
[12:59:02] [L] List Complete: 2 KB in 0,24 seconds (10,6 KB/s)
[12:59:02] [R] TYPE A
[12:59:02] [R] 200 Type set to A.
[12:59:02] [R] PASV
[12:59:02] [R] 227 Entering Passive Mode (222,222,222,222,5,157)
[12:59:02] [R] Opening data connection IP: 222,222,222,222 PORT: 1437
[12:59:02] [R] LIST -al
[12:59:02] [R] Connected. Negotiating SSL session..
[12:59:02] [R] 150 Opening ASCII mode data connection for directory listing.
[12:59:02] [R] SSL negotiation successful...
[12:59:02] [R] SSL encrypted session using cipher RC4-MD5 (128 bits)            
[12:59:03] [R] List Complete: 2 KB in 0,33 seconds (7,0 KB/s)
[12:59:03] Transfer queue completed
[12:59:03] 1 File failed to transfer
odd is offline   Reply With Quote
Reply

Tags
fxp, ioftpd, ssl, v.6, wrong

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 06:49 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)