FTPS TLS versions (wodFtpDLX / wodFtpDLX.NET)
by dfb, Thursday, March 09, 2023, 01:29 (623 days ago)
Hi guys,
We are having an issue with FTPS connections on TLS 1.2. It was working previously, but we have recently disabled TLS 1.0 and 1.1 on our server for security.
We noticed the documentation for the SslProtocols enumeration mentions TLS v1 but not other versions.
Is TLS 1.2 currently supported for FTPS?
Thanks.
FTPS TLS versions
by wodSupport, Thursday, March 09, 2023, 14:16 (623 days ago) @ dfb
Hi.
You didn't specify which component you refer to, but TLS1.2 is support in both wodFtpDLX and wodFtpDLX.NET
Regards,
Jasmine
FTPS TLS versions
by dfb, Thursday, March 09, 2023, 23:37 (622 days ago) @ wodSupport
Hi Jasmine, thanks for the response. It's wodFtpDLX.NET and we're currently using 1.9.3.265.
We found that when we disabled TLS 1.0 (Client, eg outbound connections) on Windows, the FTPS connection could not be made; we would get this error: The client and server cannot communicate, because they do not possess a common algorithm
Re-enabling TLS 1.0 worked. We are told the other party supports TLS 1.2.
Should we try 1.9.4?
Regards
Hi.
You didn't specify which component you refer to, but TLS1.2 is support in both wodFtpDLX and wodFtpDLX.NET
Regards,
Jasmine
FTPS TLS versions
by wodSupport, Friday, March 10, 2023, 00:13 (622 days ago) @ dfb
Hi.
wodFtpDLX.NET uses .NET framework's TLS mechanism, so if it's support by .NET framework, it's supported by wodFtpDLX.NET. Changing wodFtpDLX.NET version will not make a difference.
Regards,
Jasmine
FTPS TLS versions
by dfb, Wednesday, April 12, 2023, 05:24 (589 days ago) @ wodSupport
Thanks Jasmine.
We have done some further testing.
We are finding that with wodFtpDLX.NET 1.9.4.268 (and earlier versions) the FTPS connection is okay if TLS 1.0 is enabled at both the server and the client.
If TLS 1.0 is disabled at either end, the connection can't be made. The .Connect method throws an error: "System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at WeOnlyDo.Client.FtpDLX.Connect()"
Any ideas on other things we can try?
Regards
Hi.
wodFtpDLX.NET uses .NET framework's TLS mechanism, so if it's support by .NET framework, it's supported by wodFtpDLX.NET. Changing wodFtpDLX.NET version will not make a difference.
Regards,
Jasmine
FTPS TLS versions
by Jasmine, Wednesday, April 12, 2023, 08:46 (589 days ago) @ dfb
Hi.
I just tried with public FTP server, as suggested here with OpenSSL https://sockettools.com/kb/testing-secure-connections-with-openssl/ under "checking FTP servers". I did set
ftp1.SecureMethod = System.Security.Authentication.SslProtocols.Tls12;
to force TLS12. I did connect successfully, and in wodFtpDLX.NET after connection was made I did
Console.WriteLine("SSL Protocol : " + m_SSLStream.SslProtocol.ToString().ToUpper());
and I got TLS1.2 as response. So, wodFtpDLX.NET does support TLS1.2 since it uses SSLStream, so it's all up to NET framework.
I can't say about your tests or servers or settings. But it is supported.
Regards
FTPS TLS versions
by dfb, Thursday, April 13, 2023, 02:05 (588 days ago) @ Jasmine
Thank you Jasmine!
It appears that setting the SecureMethod to 1.2 will resolve the issue.
Perhaps it defaults to 1.0 if not specified, which won't work if 1.0 is blocked by the operating system.
Thanks again.
