-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS 1.2 support? #122
Comments
Are you using the latest release? |
Yes, I am using v0.26.7. |
the same issue. any idea when will we can use 1.2 TLS? |
|
Filezilla works just fine for me, but not NppFTP. |
Maybe also https://www.codeproject.com/Articles/20181/The-Ultimate-TCP-IP-Home-Page#Ultimate_TCP-IP_Features is the problem, as there just TLS 1.0 support is stated, but not sure if this is also valid for nppFTP. Need to dig a little bit deeper in the source code. |
See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html currently just TLSv1_client_method() is supported by https://github.com/ashkulz/NppFTP/blob/master/UTCP/src/ut_clnt.cpp#L641 TLSv1_1_client_method() and TLSv1_2_client_method() are missing. And also the corresponding code for TLS protocoll version fallback from 1.2 -> 1.1 -> 1.0. Testserver for FTP, FTPS, FTPES and SFTP is available, see http://test.rebex.net/ |
What is the configuration for the server? FTPS mode would use fallback as it uses |
Sorry, the commet was too short. The connection to the mentioned test server with nppFTP is fine with FTPS amd FTPES, so that particular server seem to require just TLS 1.0. Currently I have no testserver to test against that just accepts TLS 1.2. The analysis was just based on code reading. From openssl
, but there is a code path at https://github.com/ashkulz/NppFTP/blob/master/UTCP/src/ftp_c.cpp#L3270 leading to https://github.com/ashkulz/NppFTP/blob/master/UTCP/src/ftp_c.cpp#L3300 which seems to use just the TLSv1_client_method() call. And that "AUTH TLS" from that code position is visible in the trace above. |
Any progress? I've just updated to 0.26.8 Filezilla connected as well. |
use SSLv23 (leading to call of SSLv23_client_method at openssl) instead of TLS (leading to call of TLSv1_client_method at openssl)
@JAN4GER @defwheezer |
Yes, that new NNPftp.dll works for me (win7), I am able to connect again to the yahoo hosting ftp server! Awesome- thanks!!
-cb
|
@chcg: I'd recommend that you create a PR directly in this repository itself, so that a DLL will be built which can be tested by the reporter directly and verified before merging -- AppVeyor is now enabled on this repository. @defwheezer @JAN4GER: we'll hopefully release 0.26.9 with these changes very soon 👍 |
Thanks @defwheezer @chcg ! It works smoothly! Again! |
use SSLv23 (leading to call of SSLv23_client_method at openssl) instead of TLS (leading to call of TLSv1_client_method at openssl)
just release fix for TLS v1.2 support as version https://github.com/ashkulz/NppFTP/releases/tag/v0.26.9. It is available also from PluginManager with Setting -> use development plugin list and in ~2 weeks on the normal list. |
I have previously had no problems with NppFTP connecting, but now the web host has changed to TLS 1.2 and it no longer connects to the server.
From the hosting site: "Important: As of January 4, 2017 all FTP sessions will require an FTPS connection along with TLS 1.2 protocol support for increased system security."
Does the plugin support TLS 1.2, or is it still only supporting TLS 1.0?
The text was updated successfully, but these errors were encountered: