Page 1 of 1

How to enable TLS v1.2 or v1.1 for ftps?

Posted: Fri 12 Jul 2019 11:39 am
by david3
I just upgraded from v3043 to v3050. Thank you for the updates.

I saw in the release notes that support for TLS v1.1 and TLS v1.2 has been added for ftps.

When I restrict my ftps server (vsftpd) to TLS v1.2 or TLS v1.1, CumulusMX refuses to connect. It only works if I allow TLS v1.0 (like before).

Is there something I need to do to enable or force the newer TLS versions on the CumulusMX side? A Setting, or anything?

This is the warning I get when I try to force TLS v1.2 or TLS v1.1:

Code: Select all

Warning:  FtpClient.Disconnect(): IOException caught and discarded while closing control connection: System.IO.IOException:
 The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert
 (Fatal:InternalError): System.NotSupportedException: Cannot write to a BufferedStream while the read buffer is not empty
 if the underlying stream is not seekable. Ensure that the stream underlying this BufferedStream can seek or avoid interleaving
 read and write operations on this BufferedStream.
Thanks!

Re: How to enable TLS v1.2 or v1.1 for ftps?

Posted: Fri 12 Jul 2019 3:52 pm
by mcrossley
It should just work.

I set my test FTP server to TLS 1.2 only for testing and it connected fine, the FTP diags showed it negotiating and connecting using TLS 1.2 as well.

Switch on FTP logging and see if that shows anything.

Re: How to enable TLS v1.2 or v1.1 for ftps?

Posted: Fri 12 Jul 2019 4:13 pm
by david3
I had ftp logging enabled while testing. That's where the warning message came from when it tried to connect.

Oh well, it was worth a try.

Re: How to enable TLS v1.2 or v1.1 for ftps?

Posted: Fri 12 Jul 2019 6:48 pm
by mcrossley
And you definitely updated the FluentFTP.dll file when you upgraded?

Re: How to enable TLS v1.2 or v1.1 for ftps?

Posted: Fri 12 Jul 2019 7:06 pm
by david3
Yes, it was there.

Code: Select all

-rw-r--r--  1 root root  244224 Feb  6 13:04 FluentFTP.dll