FTPS TLS versions - WeOnlyDo Discussion board

FTPS TLS versions (wodFtpDLX / wodFtpDLX.NET)

by dfb, Thursday, March 09, 2023, 01:29 (353 days ago)

Hi guys,

We are having an issue with FTPS connections on TLS 1.2. It was working previously, but we have recently disabled TLS 1.0 and 1.1 on our server for security.

We noticed the documentation for the SslProtocols enumeration mentions TLS v1 but not other versions.

Is TLS 1.2 currently supported for FTPS?

Thanks.

FTPS TLS versions

by wodSupport, Thursday, March 09, 2023, 14:16 (352 days ago) @ dfb

Hi.

You didn't specify which component you refer to, but TLS1.2 is support in both wodFtpDLX and wodFtpDLX.NET

Regards,
Jasmine

FTPS TLS versions

by dfb, Thursday, March 09, 2023, 23:37 (352 days ago) @ wodSupport

Hi Jasmine, thanks for the response. It's wodFtpDLX.NET and we're currently using 1.9.3.265.

We found that when we disabled TLS 1.0 (Client, eg outbound connections) on Windows, the FTPS connection could not be made; we would get this error: The client and server cannot communicate, because they do not possess a common algorithm

Re-enabling TLS 1.0 worked. We are told the other party supports TLS 1.2.

Should we try 1.9.4?

Regards

Hi.

You didn't specify which component you refer to, but TLS1.2 is support in both wodFtpDLX and wodFtpDLX.NET

Regards,
Jasmine

FTPS TLS versions

by wodSupport, Friday, March 10, 2023, 00:13 (352 days ago) @ dfb

Hi.

wodFtpDLX.NET uses .NET framework's TLS mechanism, so if it's support by .NET framework, it's supported by wodFtpDLX.NET. Changing wodFtpDLX.NET version will not make a difference.

Regards,
Jasmine

FTPS TLS versions

by dfb, Wednesday, April 12, 2023, 05:24 (319 days ago) @ wodSupport

Thanks Jasmine.

We have done some further testing.

We are finding that with wodFtpDLX.NET 1.9.4.268 (and earlier versions) the FTPS connection is okay if TLS 1.0 is enabled at both the server and the client.

If TLS 1.0 is disabled at either end, the connection can't be made. The .Connect method throws an error: "System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at WeOnlyDo.Client.FtpDLX.Connect()"

Any ideas on other things we can try?

Regards

Hi.

wodFtpDLX.NET uses .NET framework's TLS mechanism, so if it's support by .NET framework, it's supported by wodFtpDLX.NET. Changing wodFtpDLX.NET version will not make a difference.

Regards,
Jasmine

FTPS TLS versions

by Jasmine, Wednesday, April 12, 2023, 08:46 (319 days ago) @ dfb

Hi.

I just tried with public FTP server, as suggested here with OpenSSL https://sockettools.com/kb/testing-secure-connections-with-openssl/ under "checking FTP servers". I did set

ftp1.SecureMethod = System.Security.Authentication.SslProtocols.Tls12;

to force TLS12. I did connect successfully, and in wodFtpDLX.NET after connection was made I did

Console.WriteLine("SSL Protocol : " + m_SSLStream.SslProtocol.ToString().ToUpper());

and I got TLS1.2 as response. So, wodFtpDLX.NET does support TLS1.2 since it uses SSLStream, so it's all up to NET framework.

I can't say about your tests or servers or settings. But it is supported.

Regards

FTPS TLS versions

by dfb, Thursday, April 13, 2023, 02:05 (318 days ago) @ Jasmine

Thank you Jasmine!

It appears that setting the SecureMethod to 1.2 will resolve the issue.

Perhaps it defaults to 1.0 if not specified, which won't work if 1.0 is blocked by the operating system.

Thanks again.