FTP plugin do not work with SSL Encrypted Data connection

Discussion of bugs and problems found in Altap Salamander. In your reports, please be as descriptive as possible, and report one incident per report. Do not post crash reports here, send us the generated bug report by email instead, please.
ntk
Posts: 2
Joined: 22 Jul 2016, 15:14

FTP plugin do not work with SSL Encrypted Data connection

Post by ntk »

Hello,
I have just installed a new server with Centos 7.2 and vsftpd server on it.
The ftp plugin of Salamander works OK with this ftp server, until I have enabled SSL in vsftpd and especially option force_local_data_ssl=YES
The problem I see is that it can't list directory tree when data channel encryption is on.
In the same time it works OK when only control connection is encrypted. So when only control connection is encrypted - from the vsftp side with option force_local_logins_ssl=YES Salamander works OK, but when data connection is encrypted it does not list directory.
I have tested my ftp server with filezilla and no problem observed.
I do not have doubts that the problem is in the server part (vsftpd) as I have another one identical ftp servers and my configuration is from https://access.redhat.com/solutions/3436.
Could someone test with similar configuration SSL enabled Vsftpd ftp server and latest Salamander 3.0.7. Can you reproduce the problem?
regards
Nikolay Kabaivanov
Attachments
screenshot from ftp connection with SSL enabled (control and data channel encrypted) ftp server
screenshot from ftp connection with SSL enabled (control and data channel encrypted) ftp server
1.jpg (320.47 KiB) Viewed 10211 times
Petr Solin
ALTAP Staff
ALTAP Staff
Posts: 1112
Joined: 08 Dec 2005, 09:13
Location: Novy Bor, Czech Republic
Contact:

Re: FTP plugin do not work with SSL Encrypted Data connection

Post by Petr Solin »

Please try to use passive transfer mode: click Advanced button in Connect to FTP server dialog, select: Use passive transfer mode, click OK, click Connect.

If still not working, send us log from this session. Send it to forum or to my email if it contains sensitive data. Use ESC to stop waiting for listing, right click panel, choose Show Log from context menu. In FTP Logs window use menu File / Save As. You can also send us log from other FTP client which is working well on this server, we will see difference in communication with server. Thanks!
User avatar
McLion
Posts: 78
Joined: 26 Apr 2006, 17:54
Location: Switzerland

Re: FTP plugin do not work with SSL Encrypted Data connection

Post by McLion »

Has this been solved.
I'm facing the exact same issue when trying to connect to ftp on IIS.

....
SSL INFO: TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384 256 Bits
(14:04:19): Die Verifizierung des Serverzertifikates ist fehlgeschlagen.
(14:04:20): Das Serverzertifikat wurde vom Benutzer akzeptiert (allerdings ist die Serveridentität nicht bestätigt).
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
USER ftpuser
331 Password required
PASS (Versteckt)
230-Welcome
230 User logged in.
(14:04:20): Erfolgreich eingeloggt, hole Systeminformationen...
SYST
215 Windows_NT
PWD
257 "/" is current directory.
(14:04:20): Wechsle den Pfad nach "/"...
CWD /
250 CWD command successful.
PWD
257 "/" is current directory.
(14:04:20): Liste Pfad "/"...
PASV
227 Entering Passive Mode (62,2,84,154,234,161).
TYPE A
200 Type set to A.
LIST
150 Opening ASCII mode data connection.
(14:04:20): SSL FEHLER: Kann keine verschlüsselte Verbindung aufbauen, SSL_connect gibt 5: error:00000005:lib(0):func(0):DH lib zurück
(14:04:50): Vorgang durch Benutzer abgebrochen.
(14:04:50): Textliste wurde von "IBM z/VM (CMS) 1"-Servertyp analysiert...
Petr Solin
ALTAP Staff
ALTAP Staff
Posts: 1112
Joined: 08 Dec 2005, 09:13
Location: Novy Bor, Czech Republic
Contact:

Re: FTP plugin do not work with SSL Encrypted Data connection

Post by Petr Solin »

Please try if it works from other FTP client, e.g. Filezilla. If yes, send also log from this FTP client. Thanks!
ntk
Posts: 2
Joined: 22 Jul 2016, 15:14

Re: FTP plugin do not work with SSL Encrypted Data connection

Post by ntk »

Hi
Yes it was solved, but the problem was not the Salamander. My problem was in the vsftpd and the csf firewall that I use.
Vsftpd should contain these lines in order to know which exactly port will use this passive connection. In this way you can enable this port range in the firewall.
pasv_enable=YES
pasv_min_port=31200
pasv_max_port=31220
If you did not explicitly define these ports, they will be random during connection and you can not allow them trough the firewall.

Regards
Nikolay Kabaivanov
User avatar
McLion
Posts: 78
Joined: 26 Apr 2006, 17:54
Location: Switzerland

Re: FTP plugin do not work with SSL Encrypted Data connection

Post by McLion »

Hi Nikolay

Thanks ... that reminded me on a setting in IIS.
It now works when I remove the port range and external IP in IIS.
It seems as if Salamander does not respond to the defined ports on the server and is still trying to use its default ports for the data connection.
However, for external SSL access I may need these settings.

Need to do more test ... and I'm open for any hints :D
Regards,
Franz
Post Reply