Welcome to the Cumulus Support forum.

Latest Cumulus MX release 3.6.6 (build 3082) - 1 June 2020 (please see important announcement regarding releases since 3.5.0)
Legacy Cumulus 1 release v1.9.4 (build 1099) - 28 November 2014 (a patch is available for 1.9.4 build 1099 that extends the date range of the NOAA report and Snow Index drop-down menus to 2030)

See the Wiki to download the software or click on the Downloads link in the Forum Banner.

How to enable TLS v1.2 or v1.1 for ftps?

From build 3044 the development baton passed to Mark Crossley. Mark has been responsible for all the Builds since. He has made the code available on GitHub. It is Mark's hope that others will join in this development, but at the very least he welcomes your ideas for future developments (see Cumulus MX Development suggestions).

Moderator: mcrossley

Post Reply
david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines
Contact:

How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

I just upgraded from v3043 to v3050. Thank you for the updates.

I saw in the release notes that support for TLS v1.1 and TLS v1.2 has been added for ftps.

When I restrict my ftps server (vsftpd) to TLS v1.2 or TLS v1.1, CumulusMX refuses to connect. It only works if I allow TLS v1.0 (like before).

Is there something I need to do to enable or force the newer TLS versions on the CumulusMX side? A Setting, or anything?

This is the warning I get when I try to force TLS v1.2 or TLS v1.1:

Code: Select all

Warning:  FtpClient.Disconnect(): IOException caught and discarded while closing control connection: System.IO.IOException:
 The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert
 (Fatal:InternalError): System.NotSupportedException: Cannot write to a BufferedStream while the read buffer is not empty
 if the underlying stream is not seekable. Ensure that the stream underlying this BufferedStream can seek or avoid interleaving
 read and write operations on this BufferedStream.
Thanks!
Image

User avatar
mcrossley
Posts: 6490
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2
Operating System: Buster Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley »

It should just work.

I set my test FTP server to TLS 1.2 only for testing and it connected fine, the FTP diags showed it negotiating and connecting using TLS 1.2 as well.

Switch on FTP logging and see if that shows anything.

david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

I had ftp logging enabled while testing. That's where the warning message came from when it tried to connect.

Oh well, it was worth a try.
Image

User avatar
mcrossley
Posts: 6490
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2
Operating System: Buster Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley »

And you definitely updated the FluentFTP.dll file when you upgraded?

david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

Yes, it was there.

Code: Select all

-rw-r--r--  1 root root  244224 Feb  6 13:04 FluentFTP.dll
Image

Post Reply