0 votes
by (8.4k points)

(This question was converted from a comment by RajaK)

Very good evening.
am using Rebex http.dll for Weservices connection with my remote server though https.
I got one requirement to fallback to http mode if we facing below exceptions.

i. Whenever the trust between the client and server cannot be established via https
ii. When the client certificate is expired
iii. When the client certificate cannot be found
iv. When the client certificate does not have the private key
v. When the client certs fails any basic checks

- is there any Error code for above scenario that I can capture in application layer to try to reconnect with http mode?

1 Answer

0 votes
by (144k points)

Hello,

i) When the trust between the client and server cannot be established via TLS (HTTPS is HTTP over TLS), a TlsException is thrown and will appear in the exception chain cought by your application. To find the TlsException, pass the caught exception to a routine such as this one:

    private TlsException GetTlsException(Exception error)
    {
        while (error != null)
        {
            var tlsError = error as TlsException;
            if (tlsError != null)
            {
                return tlsError;
            }

            error = error.InnerException;
        }

        return null;
    }

However, we have to point out that it is strongly discouraged to fall back to HTTP mode when HTTP over TLS does not work. Doing so would make it trivial for an attacker to force your connections into unencrypted mode simply by disrupting the TLS traffic.

ii), iii), v) Once you find the TlsException using the approach described above, inspect its ProtocolMessage property. It will contain one of the following values:
CloseNotify
UnexpectedMessage
BadRecordMac
DecryptionFailed
RecordOverflow
DecompressionFailure
HandshakeFailure
NoCertificate
BadCertificate
UnsupportedCertificate
CertificateRevoked
CertificateExpired
CertificateUnknown
IllegalParameter
UnknownCa
AccessDenied
DecodeError
DecryptError
ExportRestriction
ProtocolVersion
InsufficientSecurity
InternalError
UserCanceled
NoRenegotiation
UnknownError

These correspond to TLS error alerts and include certificate errors you are interested in.

iv) When the client certificate returned by a certificate request handler doesn't is not associated with a private key, a TlsException with ProtocolMessage of "InternalError" and a Message of "Certificate does not have a private key." will be thrown. It's recommended to prevent this from occurring by making sure that the certificate retured by a custom certificate request handler has a private key - use Certificate's HasPrivateKey method to make sure.

by (110 points)
Thank You Lukas,
 The Reason (very rare case) to a idea to fallback is - our devices are in remote location and maintained  remote servers , to continue the connectivity due to https fail we thought of have fallback .
I addition to that  - kindly confirm whether we need to have the .cer file installed in Device Local even if we use .pfx for Rebex https?
by (144k points)
If the fallback actually asks the user for permission before switching to plain HTTP and informs him the connection is not going to be secure any more and that any device along the way can access or even modify the transmitted data, I guess it might be acceptable. However, it would still make it possible for an attacker with control over any of devices along the way to trigger this kind of fallback any time, so it's important to keep this in mind.
by (144k points)
I'm not quite sure what you mean by "the .cer file". These files contain a certificate with no private key. If it's a root CA or self-signed server certificate, adding it to "Trusted Root Certification Authorities" store is recomended. Either add it to "Current User" or "Local Computer" certifcate store, depending on which account you use to execute your application. If the .cer file represents the certificate part of the .pfx file which you use for client authentication, you don't have to use or add the .cer file at all.
by (110 points)
currently - I got below list of certificate .

1.8f7d0b2d-7314-4ac0-add2-b12d029982db_INT_CA.cer
2.8f7d0b2d-7314-4ac0-add2-b12d029982db_ROOT_CA.cer
3.8f7d0b2d-7314-4ac0-add2-b12d029982db.12
4.8f7d0b2d-7314-4ac0-add2-b12d029982db.pfx

- am passing the .pfx certificate to Rebex binding object as below.

  CertificateChain certificate = CertificateChain.LoadPfx(Constants.Path_AMS_PFXCertificate, "pass");
   binding.RequestCreator.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(certificate);

 - along with whether I need to install  *.cer and *.12 also in to device local store?
by (144k points)
The .12 is most likely a misnamed .p12, which is equivalent to .pfx. the INT_CA and ROOT_CA are intermediate CA certificate and root CA certificate. If you are passing the .pfx to Rebex API, you don't need to install any of the other files.
by (110 points)
- by passing .pfx alone, am getting below exceptions.

018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: HandshakeMessage:ServerHello was received.
2018-08-15 13:15:52 INFO HttpRequest(8)[89915594] TLS: Using TLS 1.0.
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: The server supports secure renegotiation.
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: HandshakeMessage:Certificate was received.
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: HandshakeMessage:ServerHelloDone was received.
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: Verifying server certificate ('O="Xerox State and Local Solutions, Inc.", C=US, OU=MULTI-ALLOWED, OU=SIMPLE-SSL, CN=TTOPWEB1QA').
2018-08-15 13:15:52 INFO HttpRequest(8)[89915594] TLS: Certificate verification status: IncompleteChain (65536)
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: Certificate verification result: UnknownAuthority
2018-08-15 13:15:52 DEBUG HttpRequest(8)[89915594] TLS: Error while processing TLS packet: Rebex.Net.TlsException: Server certificate was rejected by the verifier because of an unknown certificate authority.

 - the server certificate is validating against the localstore?
by (144k points)
Yes, server certificates are validated against current user's certificate store, which is searched for intermediate and root CA certificates. Either add the root CA into the respective store, or use EnhancedCertificateEngine which makes it possible to configure custom authorities:

var ca1 = Certificate.LoadDer("/some_path/1.8f7d0b2d-7314-4ac0-add2-b12d029982db_INT_CA.cer");
var ca2 = Certificate.LoadDer("/some_path/2.8f7d0b2d-7314-4ac0-add2-b12d029982db_ROOT_CA.cer");
var extraCertificates = new Certificate[] { ca1, ca2 };
CertificateEngine.SetCurrentEngine(new EnhancedCertificateEngine(extraCertificates));
by (110 points)
hi Lukas,
  I have installed the *.cer to the certificate store and its works for me.
 I  have another query like  for FTPs (WINCe7.0)
 I am using the FTP package 4.0.6755.0  as part of 2018 R2 release
 To enable the FTPs I have set below paramters.
        
    Ftp ftpInstanceRebex = new Ftp()
                    ftpInstanceRebex.Login(username, password);
                    _ftpInstanceRebex.KeepAlive();
                    _ftpInstanceRebex.Passive = true;
_ftpInstanceRebex.Settings.SslAllowedVersions = TlsVersion.TLS10 | TlsVersion.TLS11 | TlsVersion.TLS12;
                       _ftpInstanceRebex.Secure();
 - while trying to upload logs  below errors.
Aug 16,2018 18:43:33,000 FATAL FTPHandler]: Exception : NotSupportedException
 Stack Trace :    at System.IO.__Error.ReadNotSupported()
   at System.IO.FileStream.Read(Byte[] array, Int32 offset, Int32 count)
   at Rebex.Net.Ftp.bmfd(String hk, String hl, Stream hm, Int64 hn, Int64 ho, arxf hp)
   at Rebex.Net.Ftp.PutFile(Stream sourceStream, String remotePath, Int64 remoteOffset, Int64 length)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

[Aug 16,2018 18:55:49,000 INFO  FTPHandler]: [FTPHandler] : Response : 550 The supplied message is incomplete. The signature was not verified.

[Aug 16,2018 18:56:04,000 FATAL FTPHandler]: Exception : Connection was closed by the remote connection end.

[Aug 16,2018 18:56:04,000 FATAL FTPHandler]: Exception : Socket was closed.


 - server side TLS1.0/TLS1.1/TLS1.2 enabled and using the port 2121 and login credential.
 - since this for WINCE supported version am not seeing the Logwriter  classs to enable and dump the logs.
 - we are using the cutomcertificactevalidation to check the - expiry check alone.

 - hence request you help to understand the issue .
by (144k points)
- The NotSupportedException is most likely caused by passing a non-readable FileStream to Ftp.PutFile method.
- The "The supplied message is incomplete" might be caused by a server-side bug. Which FTP server do you use? The following applies to MS FTP: https://support.microsoft.com/en-us/help/2888853/fix-the-supplied-message-is-incomplete-error-when-you-use-an-ftps-clie
- .NET CF version of Rebex FTP/SSL does actually include both Rebex.ILogWriter interface and Rebex.FileLogWriter class.
by (110 points)
Hi Lukas,
  I was checking with Server Team  - they were telling like  the WINCDOWS 10 devices are connecting thorugh FTPS through same TLS12 and only the CE devices I not conncetring

Below is the server logs captured:
Line 1094149: 2018-08-23 22:36:11 10.32.128.173 - 10.36.88.183 2121 ControlChannelOpened - - 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094150: 2018-08-23 22:36:12 10.32.128.173 - 10.36.88.183 2121 AUTH TLS 234 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094151: 2018-08-23 22:36:15 10.32.128.173 - 10.36.88.183 2121 USER ttopgsm1qa\gsmftp 331 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094152: 2018-08-23 22:36:15 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 PASS *** 230 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /
    Line 1094153: 2018-08-23 22:36:15 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 FEAT - 211 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094154: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 OPTS UTF8+ON 200 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094155: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 NOOP - 200 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094156: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 TYPE I 200 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094157: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 MDTM . 550 161 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /
    Line 1094158: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 SIZE . 550 5 2 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /
    Line 1094159: 2018-08-23 22:36:16 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 PWD - 257 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -
    Line 1094160: 2018-08-23 22:36:17 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 CWD /SEPTA/Upload\f052a66d-f0c5-40eb-96b0-0edfc179a5d7 250 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /SEPTA/Upload/f052a66d-f0c5-40eb-96b0-0edfc179a5d7
    Line 1094161: 2018-08-23 22:36:17 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 CWD / 250 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /
    Line 1094162: 2018-08-23 22:36:17 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 CWD /SEPTA/Upload\f052a66d-f0c5-40eb-96b0-0edfc179a5d7 250 0 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 /SEPTA/Upload/f052a66d-f0c5-40eb-96b0-0edfc179a5d7
    Line 1095759: 2018-08-23 22:38:26 10.32.128.173 TTOPGSM1QA\GSMFTP 10.36.88.183 2121 ControlChannelClosed - - 258 0 dd3bb6dc-ea0e-4e09-9b3d-2c345ba764a8 -

 - The Control channel is getting closed.
 - is there way to do further debug in device side.
I will add client side logs also in next comment
by (110 points)
FTP client side logging is :

[Aug 23,2018 12:15:49,000 INFO  FTPHandler]: [FTPHandler] : Response : 220 Microsoft FTP Service
[Aug 23,2018 12:15:49,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:50,000 ERROR FTPHandler]: FTPS ENABLED
[Aug 23,2018 12:15:50,000 ERROR FTPHandler]: FTPS ENABLED TLS Protocol VersionTLS10, TLS11, TLS12
[Aug 23,2018 12:15:50,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:50,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:50,000 INFO  FTPHandler]: [FTPHandler] : Response : 234 AUTH command ok. Expecting TLS Negotiation.
[Aug 23,2018 12:15:50,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 331 Password required for ttopgsm1qa\gsmftp.
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Processing
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 230 User logged in.
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 211-Extended features supported:
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  LANG EN*
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  UTF8
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  AUTH TLS;TLS-C;SSL;TLS-P;
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  PBSZ
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  PROT C;P;
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  CCC
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  HOST
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  SIZE
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  MDTM
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response :  REST STREAM
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 211 END
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 200 OPTS UTF8 command successful - UTF8 encoding now ON.
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : Response : 200 NOOP command successful.
[Aug 23,2018 12:15:53,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 200 Type set to I.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 550 The specified path is invalid.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 550 Access is denied.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 257 "/" is current directory.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 250 CWD command successful.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 250 CWD command successful.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Sending
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Reading
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 250 CWD command successful.
[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : State Changed : Ready
by (70.2k points)
Can you please create the log using Rebex.FileLogWriter object. It seems that above log is not complete:

[Aug 23,2018 12:15:54,000 INFO  FTPHandler]: [FTPHandler] : Response : 550 The specified path is invalid.

But there is no command in the log, which uses a path.

The log can be created like this:

ftpInstanceRebex.LogWriter = new Rebex.FileLogWriter("/Storage Card/ftp.log", Rebex.LogLevel.Debug);
by (110 points)
Below is the Logs captured:
Part1:
2018-08-24 10:37:40 Opening log file.
2018-08-24 10:37:40 INFO FileLogWriter(1)[86966390] Info: Assembly: Rebex.Common 2018 R2 for .NET Compact Framework 3.5
2018-08-24 10:37:40 INFO FileLogWriter(1)[86966390] Info: Platform: Windows CE 7.0.2882 32-bit; CLR: 3.5.14223.0
2018-08-24 10:37:40 DEBUG FileLogWriter(1)[86966390] Info: Culture: en; windows-1252
2018-08-24 10:37:40 INFO Ftp(1)[86966390] Command: AUTH TLS
2018-08-24 10:37:40 INFO Ftp(1)[86966390] Response: 234 AUTH command ok. Expecting TLS Negotiation.
2018-08-24 10:37:40 DEBUG Ftp(1)[86966390] Info: Upgrading control connection to TLS/SSL.
2018-08-24 10:37:41 INFO Ftp(1)[86966390] TLS: State StateChange:Negotiating
2018-08-24 10:37:41 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:ClientHello was sent.
2018-08-24 10:37:41 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:ServerHello was received.
2018-08-24 10:37:41 INFO Ftp(1)[86966390] TLS: Using TLS 1.2.
2018-08-24 10:37:41 DEBUG Ftp(1)[86966390] TLS: The server supports secure renegotiation.
2018-08-24 10:37:42 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:Certificate was received.
2018-08-24 10:37:42 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:ServerHelloDone was received.
2018-08-24 10:37:42 DEBUG Ftp(1)[86966390] TLS: Verifying server certificate ('O="Xerox State and Local Solutions, Inc.", C=US, OU=MULTI-ALLOWED, OU=SIMPLE-SSL, CN=ttopgsm1qa.tttssdev.local').
2018-08-24 10:37:42 DEBUG Ftp(1)[86966390] TLS: Certificate verification result: Accept
2018-08-24 10:37:42 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:ClientKeyExchange was sent.
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] TLS: CipherSpec:ChangeCipherSpec was sent.
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:Finished was sent.
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] TLS: CipherSpec:ChangeCipherSpec was received.
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] TLS: HandshakeMessage:Finished was received.
2018-08-24 10:37:43 INFO Ftp(1)[86966390] TLS: State StateChange:Secured
2018-08-24 10:37:43 INFO Ftp(1)[86966390] TLS: Connection secured using cipher: TLS 1.2, RSA, TripleDES with 168-bit key in CBC mode, SHA1
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] TLS: Session ID:
 0000 |44-18-00-00-51-65-3A-B9 4A-89-A6-30-36-27-77-49| D...Qe:.J..06'wI
 0010 |D4-AC-88-0B-E2-08-3F-68 DE-BB-61-B8-DC-0D-58-97| ......?h..a...X.
2018-08-24 10:37:43 DEBUG Ftp(1)[86966390] Info: Control connection upgraded to TLS/SSL.
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Command: USER xxx\xxx
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response: 331 Password required for xxx\xxx.
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Command: PASS **********
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response: 230 User logged in.
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Command: FEAT
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response: 211-Extended features supported:
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  LANG EN*
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  UTF8
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  AUTH TLS;TLS-C;SSL;TLS-P;
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  PBSZ
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  PROT C;P;
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  CCC
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  HOST
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  SIZE
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  MDTM
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response:  REST STREAM
2018-08-24 10:37:43 INFO Ftp(1)[86966390] Response: 211 END
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: OPTS UTF8 ON
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: NOOP
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 200 NOOP command successful.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: TYPE I
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 200 Type set to I.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: MDTM .
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 550 The specified path is invalid.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: SIZE .
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 550 Access is denied.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: PWD
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 257 "/" is current directory.
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Command: CWD /SEPTA/Upload\f052a66d-f0c5-40eb-96b0-0edfc179a5d7
2018-08-24 10:37:44 INFO Ftp(1)[86966390] Response: 250 CWD command successful.
2018-08-24 10:37:45 INFO Ftp(1)[86966390] Command: CWD /
2018-08-24 10:37:45 INFO Ftp(1)[86966390] Response: 250 CWD command successful.
2018-08-24 10:37:45 INFO Ftp(1)[86966390] Command: CWD /SEPTA/Upload\f052a66d-f0c5-40eb-96b0-0edfc179a5d7
2018-08-24 10:37:45 INFO Ftp(1)[86966390] Response: 250 CWD command successful.
by (110 points)
Part2:
2018-08-24 10:40:24 DEBUG Ftp(1)[76811706] TLS: Error while sending data over TLS: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.SendNoCheck(Byte[] buffer, Int32 index, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at tsvy.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at Rebex.Net.ProxySocket.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at ttac.nkjw()
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

2018-08-24 10:40:24 INFO Ftp(1)[76811706] TLS: Alert Alert:Alert was sent.
2018-08-24 10:40:24 INFO Ftp(1)[76811706] TLS: State StateChange:Closed
2018-08-24 10:40:24 ERROR Ftp(1)[76811706] Info: Rebex.Net.TlsException: Connection was closed by the remote connection end. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.SendNoCheck(Byte[] buffer, Int32 index, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at tsvy.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at Rebex.Net.ProxySocket.Send(Byte[] buffer, Int32 offset, Int32 count, SocketFlags socketFlags)
   at ttac.nkjw()
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

2018-08-24 10:40:24
by (110 points)
Part 3:
ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:24 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:24 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:24 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

2018-08-24 10:40:25 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:25 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:25 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:25 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()
2018-08-24 10:40:25 ERROR Ftp(1)[76811706] Info: System.InvalidOperationException: Socket was closed.
   at ttac.nkjz(Byte[] ajr, Int32 ajs, Int32 ajt)
   at Rebex.Net.TlsSocket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ansh.stpt(Byte[] op)
   at Rebex.Net.Ftp.bmck(String cx)
   at Rebex.Net.Ftp.bmcm(String cz, String da)
   at Rebex.Net.Ftp.bmes(String gk)
   at Rebex.Net.Ftp.bmgd(String ko)
   at Rebex.Net.Ftp.FileExists(String remotePath)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.Upload(FTPPackage package)
   at Xerox.PPS.Libraries.Utilities.FTPHandler.WorkerThreadCallBack()

 - pelase share mail Id to send. the log file
by (70.2k points)
You can send it to support@rebex.net - also, email is preferred communication support channel. However, if you prefer forum.rebex.net you can continue using it. It is up to you.

I will wait for the log, and I will reply to your email.
by (110 points)
I have just forwarded the logs  Lukas.
by (70.2k points)
Thank you, I will reply in minute.
by (110 points)
Hi Lukas,
 Very Good morning ,
  We are using Rebex client for  - TLS12  - for Webservices over https - we are observing below scenarios.

1.Whenever the device  - Establishing the connection with Server , the Alerts  which  the device sent is reaching the server with  in 2 to 4 seconds
2.If we leave the Device for  1 hour idle the same alerts will take around 20 seconds.

  - hence we requesting your help to understood whether is the Any Keep alive concepts is available for  https/TLS12  - to keep the session created for particular server for a while  ,
To avoid disconnect the session after timed out and establishing with  following all process like  - Certificate verification ,TLS12 negotiation and all ?
by (70.2k points)
Hi RajaK, I converted your comment to new question. But I forgot to write it here.
Sorry for delay, please find the answer at http://forum.rebex.net/9530/how-to-keep-alive-http-session
...