Welcome to the Cumulus Support forum.

Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024

Cumulus MX V4 beta test release 4.0.0 (build 4018) - 28 March 2024

Legacy Cumulus 1 release v1.9.4 (build 1099) - 28 November 2014 (a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)

Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki

How to enable TLS v1.2 or v1.1 for ftps?

From build 3044 the development baton passed to Mark Crossley. Mark has been responsible for all the Builds since. He has made the code available on GitHub. It is Mark's hope that others will join in this development, but at the very least he welcomes your ideas for future developments (see Cumulus MX Development suggestions).

Moderator: mcrossley

Post Reply
david3
Posts: 63
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Debian 12 64bit for rpi

How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

I just upgraded from v3043 to v3050. Thank you for the updates.

I saw in the release notes that support for TLS v1.1 and TLS v1.2 has been added for ftps.

When I restrict my ftps server (vsftpd) to TLS v1.2 or TLS v1.1, CumulusMX refuses to connect. It only works if I allow TLS v1.0 (like before).

Is there something I need to do to enable or force the newer TLS versions on the CumulusMX side? A Setting, or anything?

This is the warning I get when I try to force TLS v1.2 or TLS v1.1:

Code: Select all

Warning:  FtpClient.Disconnect(): IOException caught and discarded while closing control connection: System.IO.IOException:
 The authentication or decryption has failed. ---> System.IO.IOException: Error while sending TLS Alert
 (Fatal:InternalError): System.NotSupportedException: Cannot write to a BufferedStream while the read buffer is not empty
 if the underlying stream is not seekable. Ensure that the stream underlying this BufferedStream can seek or avoid interleaving
 read and write operations on this BufferedStream.
Thanks!
User avatar
mcrossley
Posts: 12695
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley »

It should just work.

I set my test FTP server to TLS 1.2 only for testing and it connected fine, the FTP diags showed it negotiating and connecting using TLS 1.2 as well.

Switch on FTP logging and see if that shows anything.
david3
Posts: 63
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Debian 12 64bit for rpi

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

I had ftp logging enabled while testing. That's where the warning message came from when it tried to connect.

Oh well, it was worth a try.
User avatar
mcrossley
Posts: 12695
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by mcrossley »

And you definitely updated the FluentFTP.dll file when you upgraded?
david3
Posts: 63
Joined: Sat 28 Jan 2012 4:03 pm
Weather Station: Davis Vantage Vue
Operating System: Debian 12 64bit for rpi

Re: How to enable TLS v1.2 or v1.1 for ftps?

Post by david3 »

Yes, it was there.

Code: Select all

-rw-r--r--  1 root root  244224 Feb  6 13:04 FluentFTP.dll
Post Reply