FTPS raises exception: Handshake failure

0 votes
asked Sep 28 by lanopk (450 points)

Hi.
I built an Ubuntu Server with a vsftpd server in SSL mode (default settings) and connect with SSL settings, but a Handshake failure exception is raised.

  • RaiFtp is a class inherited from Rebex Ftp.
  • FileZilla successfully connects and lists.

My Code:

if (IsConnected == false)
{
    Passive = UsePassive;

    AbortTimeout = 1000; // minimum value, default 3000
    if (UseSSL)
    {
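        // Accept any server certificate (no validation is performed)
        Settings.SslAcceptAllCertificates = true;
        // Allow every TLS version, cipher suite and curve the library supports
        Settings.SslAllowedVersions = TlsVersion.Any;
        Settings.SslAllowedSuites = TlsCipherSuite.All;
        Settings.SslAllowedCurves = TlsEllipticCurve.All;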

        Connect(FtpAddress, FtpPort, SslMode.Explicit);
    }
    else
    {
        Connect(FtpAddress, FtpPort);
    }

    Login(UserID, Password);
}

Log:

2017-09-28 14:51:33.423 Opening log file.
2017-09-28 14:51:33.423 Using FileLogWriter version 2.5.6461.0.
2017-09-28 14:51:35.287 INFO RaiFtp(1)[5] Info: Connecting to 192.168.0.5:21 using Ftp.
2017-09-28 14:51:35.289 INFO RaiFtp(1)[5] Info: Assembly: Rebex.Ftp 2017 R5 for .NET 4.0-4.7
2017-09-28 14:51:35.290 DEBUG RaiFtp(1)[5] Info: Platform: Windows 10.0.15063 64-bit; CLR: 4.0.30319.42000
2017-09-28 14:51:35.290 DEBUG RaiFtp(1)[5] Info: Culture: ko; ks_c_5601-1987
2017-09-28 14:51:35.291 INFO RaiFtp(1)[5] Info: Using proxy none.
2017-09-28 14:51:35.305 DEBUG ProxySocket(1)[5] Proxy: Connecting to none proxy at 192.168.0.5:21.
2017-09-28 14:51:35.307 DEBUG RaiFtp(1)[5] Info: Connection succeeded.
2017-09-28 14:51:35.315 VERBOSE RaiFtp(1)[5] Info: Received data over control connection: 
 0000 |32-32-30-20-28-76-73-46 54-50-64-20-33-2E-30-2E| 220 (vsFTPd 3.0.
 0010 |33-29-0D-0A                                    | 3)..
2017-09-28 14:51:35.316 INFO RaiFtp(1)[5] Response: 220 (vsFTPd 3.0.3)
2017-09-28 14:51:35.322 VERBOSE RaiFtp(1)[5] Info: Sent data over control connection: 
 0000 |41-55-54-48-20-54-4C-53 0D-0A                  | AUTH TLS..
2017-09-28 14:51:35.322 INFO RaiFtp(1)[5] Command: AUTH TLS
2017-09-28 14:51:35.322 VERBOSE RaiFtp(1)[5] Info: Received data over control connection: 
 0000 |32-33-34-20-50-72-6F-63 65-65-64-20-77-69-74-68| 234 Proceed with
 0010 |20-6E-65-67-6F-74-69-61 74-69-6F-6E-2E-0D-0A   |  negotiation...
2017-09-28 14:51:35.322 INFO RaiFtp(1)[5] Response: 234 Proceed with negotiation.
2017-09-28 14:51:35.323 DEBUG RaiFtp(1)[5] Info: Upgrading control connection to TLS/SSL.
2017-09-28 14:51:35.453 VERBOSE RaiFtp(1)[5] TLS: Sent TLS packet: 
 0000 |16-03-03-00-B5-01-00-00 B1-03-03-59-CC-8D-E7-86| ...........Y....
 0010 |CD-78-9D-FC-D2-1C-7B-26 09-71-45-08-45-9F-77-D5| .x....{&.qE.E.w.
 0020 |AD-4F-93-F0-75-2A-EC-E8 63-41-53-00-00-44-C0-23| .O..u*..cAS..D.#
 0030 |C0-24-C0-27-C0-28-C0-09 C0-0A-C0-13-C0-14-00-6B| .$.'.(.........k
 0040 |00-67-00-3D-00-3C-00-6A 00-40-00-33-00-39-00-2F| .g.=.<.j.@.3.9./
 0050 |00-35-00-32-00-38-C0-08 C0-12-00-16-00-0A-00-13| .5.2.8..........
 0060 |C0-07-C0-11-00-05-00-04 00-66-00-15-00-09-00-12| .........f......
 0070 |00-FF-01-00-00-44-00-00 00-10-00-0E-00-00-0B-31| .....D.........1
 0080 |39-32-2E-31-36-38-2E-30 2E-35-00-0A-00-10-00-0E| 92.168.0.5......
 0090 |00-17-00-18-00-19-00-1A 00-1B-00-1C-00-1D-00-0B| ................
 00A0 |00-02-01-00-00-0D-00-12 00-10-04-01-04-03-05-01| ................
 00B0 |05-03-06-01-06-03-02-01 02-02                  | ..........
2017-09-28 14:51:35.455 INFO RaiFtp(1)[5] TLS: State StateChange:Negotiating
2017-09-28 14:51:35.455 DEBUG RaiFtp(1)[5] TLS: HandshakeMessage:ClientHello was sent.
2017-09-28 14:51:35.459 VERBOSE RaiFtp(1)[5] TLS: Received TLS packet: 
 0000 |15-03-03-00-02-02-28                           | ......(
2017-09-28 14:51:35.460 INFO RaiFtp(1)[5] TLS: Alert Alert:Alert was received.
2017-09-28 14:51:35.470 DEBUG RaiFtp(1)[5] TLS: Error while processing TLS packet: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
   위치: Rebex.Net.TMO.GY(Byte[] C, Int32 R, Int32 O)
   위치: Rebex.Net.JMO.DC(Byte[] C, Int32 R, Int32 O)
   위치: Rebex.Net.JMO.TC()
2017-09-28 14:51:35.472 INFO RaiFtp(1)[5] TLS: State StateChange:Closed
2017-09-28 14:51:35.473 DEBUG RaiFtp(1)[5] TLS: Closing TLS socket.
2017-09-28 14:51:35.474 ERROR RaiFtp(1)[5] Info: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
   위치: Rebex.Net.TMO.GY(Byte[] C, Int32 R, Int32 O)
   위치: Rebex.Net.JMO.DC(Byte[] C, Int32 R, Int32 O)
   위치: Rebex.Net.JMO.TC()
   --- 내부 예외 스택 추적의 끝 ---
   위치: Rebex.Net.JMO.TC()
   위치: Rebex.Net.JMO.BC()
   위치: Rebex.Net.ZRO.BP(TlsParameters C)
   위치: Rebex.Net.Ftp.BU(TlsParameters C, FtpSecureUpgradeType R)
   위치: Rebex.Net.Ftp.ZT(String C, Int32 R, TlsParameters O, SslMode I, FtpSecureUpgradeType D)
   --- 내부 예외 스택 추적의 끝 ---
   위치: Rebex.Net.Ftp.ZT(String C, Int32 R, TlsParameters O, SslMode I, FtpSecureUpgradeType D)
Applies to: Rebex FTP/SSL
commented Sep 28 by lanopk (450 points)
In vsftpd.conf, I added this and connected successfully.

ssl_ciphers=HIGH

But I want to connect without this setting.

1 Answer

+1 vote
answered Sep 28 by Lukas Pokorny (87,030 points)
edited Oct 31 by Lukas Pokorny
 
Best answer

I have been able to reproduce this issue. Apparently, the default value of vsftpd's ssl_ciphers is something even stronger than HIGH (the documentation is outdated):

  1. With ssl_ciphers=HIGH, Rebex FTP/SSL was able to connect with pretty much any of the RSA+AES ciphers.

  2. With ssl_ciphers commented out (default), the only cipher that worked was TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, which will be supported in the forthcoming Rebex FTP/SSL 2017 R6.

Update: Rebex FTP/SSL 2017 R6 with AES/GCM support has been released.
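
Added example, not part of the original answer and not Rebex code: a Python sketch that decodes the two TLS records from the question's log, listing the cipher suites the ClientHello offered and the alert vsftpd sent back. The byte strings are copied from the log; the function names are hypothetical, and 0xC030 is the IANA code point for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

```python
# Added example: decodes the two TLS records shown in the question's log.
# Bytes are copied from the "Sent TLS packet" and "Received TLS packet" dumps.
CLIENT_HELLO = bytes.fromhex("""
16-03-03-00-B5-01-00-00 B1-03-03-59-CC-8D-E7-86
CD-78-9D-FC-D2-1C-7B-26 09-71-45-08-45-9F-77-D5
AD-4F-93-F0-75-2A-EC-E8 63-41-53-00-00-44-C0-23
C0-24-C0-27-C0-28-C0-09 C0-0A-C0-13-C0-14-00-6B
00-67-00-3D-00-3C-00-6A 00-40-00-33-00-39-00-2F
00-35-00-32-00-38-C0-08 C0-12-00-16-00-0A-00-13
C0-07-C0-11-00-05-00-04 00-66-00-15-00-09-00-12
00-FF-01-00-00-44-00-00 00-10-00-0E-00-00-0B-31
39-32-2E-31-36-38-2E-30 2E-35-00-0A-00-10-00-0E
00-17-00-18-00-19-00-1A 00-1B-00-1C-00-1D-00-0B
00-02-01-00-00-0D-00-12 00-10-04-01-04-03-05-01
05-03-06-01-06-03-02-01 02-02
""".replace("-", " "))
SERVER_ALERT = bytes.fromhex("15-03-03-00-02-02-28".replace("-", " "))
GCM_SUITE = 0xC030  # IANA code point of TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

def offered_cipher_suites(record):
    """Return the cipher-suite code points in a single-record ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record starting with ClientHello")
    if int.from_bytes(record[3:5], "big") != len(record) - 5:
        raise ValueError("record length does not match the data")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip length-prefixed session_id
    n = int.from_bytes(record[pos:pos + 2], "big")
    suites = record[pos + 2:pos + 2 + n]
    if n % 2 or len(suites) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def decode_alert(record):
    """Return (level, description) from a plaintext TLS alert record."""
    if len(record) != 7 or record[0] != 0x15:
        raise ValueError("not a single plaintext alert record")
    return record[5], record[6]

if __name__ == "__main__":
    suites = offered_cipher_suites(CLIENT_HELLO)
    print("offered:", " ".join(f"{s:04X}" for s in suites))
    print("offers C030:", GCM_SUITE in suites)
    print("alert (level, description):", decode_alert(SERVER_ALERT))
```

For the logged handshake this lists 34 suites, none of them 0xC030, and the alert decodes to level 2 (fatal), description 40 (handshake_failure).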

commented Oct 10 by lanopk (450 points)
The test was delayed because there was a long holiday in Korea.

In the beta version, it works fine without the 'ssl_ciphers=HIGH' option.
I am waiting for your final release.
Thank you.