How to enable TLS v1.2 or v1.1 for ftps?

Discussion of version 3 of Cumulus, which runs on Windows, Linux, and OS X. All Cumulus MX queries in here, please.

Moderator: mcrossley

david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines

How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 » Fri 12 Jul 2019 11:39 am

I just upgraded from v3043 to v3050. Thank you for the updates.

I saw in the release notes that support for TLS v1.1 and TLS v1.2 has been added for ftps.

When I restrict my ftps server (vsftpd) to TLS v1.2 or TLS v1.1, CumulusMX refuses to connect. It only works if I allow TLS v1.0 (like before).

Is there something I need to do to enable or force the newer TLS versions on the CumulusMX side? A setting, or anything?

This is the warning I get when I try to force TLS v1.2 or TLS v1.1:

Warning:  FtpClient.Disconnect(): IOException caught and discarded while closing control connection: System.IO.IOException:
 The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert
 (Fatal:InternalError): System.NotSupportedException: Cannot write to a BufferedStream while the read buffer is not empty
 if the underlying stream is not seekable. Ensure that the stream underlying this BufferedStream can seek or avoid interleaving
 read and write operations on this BufferedStream.
Thanks!

mcrossley
Posts: 5734
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2
Operating System: Stretch Lite rPi
Location: Wilmslow, Cheshire, UK

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley » Fri 12 Jul 2019 3:52 pm

It should just work.

I set my test FTP server to TLS 1.2 only for testing and it connected fine; the FTP diags showed it negotiating and connecting using TLS 1.2 as well.

Switch on FTP logging and see if that shows anything.

david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 » Fri 12 Jul 2019 4:13 pm

I had ftp logging enabled while testing. That's where the warning message came from when it tried to connect.

Oh well, it was worth a try.

mcrossley
Posts: 5734
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2
Operating System: Stretch Lite rPi
Location: Wilmslow, Cheshire, UK

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley » Fri 12 Jul 2019 6:48 pm

And you definitely updated the FluentFTP.dll file when you upgraded?

david3
Posts: 55
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Raspbian Stretch
Location: Philippines

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 » Fri 12 Jul 2019 7:06 pm

Yes, it was there.

-rw-r--r--  1 root root  244224 Feb  6 13:04 FluentFTP.dll

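A way to separate a server-side refusal from a client-side failure in the situation discussed in this thread, as an added example that is not part of the thread or of Cumulus MX: a second client (Python's ftplib) is pinned to one TLS version at a time and reports what the FTPS server actually negotiates. It assumes explicit FTPS (AUTH TLS on the control port); the host name `ftp.example.invalid` is a placeholder and the function names are hypothetical.

```python
import ssl
import sys
from ftplib import FTP_TLS, all_errors

# Protocol versions discussed in the thread.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def pinned_context(version, verify=True):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    if not verify:
        # Only for a self-signed certificate on a server you administer.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def probe(host, port, version, verify=True, timeout=10):
    """Return the negotiated protocol name, or None if AUTH TLS fails."""
    ftp = FTP_TLS(context=pinned_context(version, verify), timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.auth()  # sends AUTH TLS and upgrades the control channel
        return ftp.sock.version()
    except all_errors:  # covers FTP errors, OSError (incl. SSLError), EOFError
        return None
    finally:
        ftp.close()

def probe_all(host, port=21, verify=True):
    """Probe each version in turn; maps version name to result."""
    return {name: probe(host, port, v, verify) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    # Placeholder host; pass your own server as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "ftp.example.invalid"
    for name, result in probe_all(host).items():
        print(f"{name}: {result or 'refused or failed'}")
```

A `None` for TLSv1.0 or TLSv1.1 can also come from the local OpenSSL policy rather than from the server, so on a modern client only the TLSv1.2 result is conclusive. If TLSv1.2 succeeds here while the other client still fails, the server configuration is not what is blocking the connection.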