FTP over explicit TLS bug?
I have a FTP server that supports encrypted sessions. When I approach this server from the internal network, encryption works fine. However, when I approach the server from outside only non-encrypted sessions work. With the FileZilla FTP client I get the following error when I try an encrypted session:
"GnuTLS error -9: A TLS packet with unexpected length was received."
Now, when I use the router of my ISP (instead of the Airport Extreme), encrypted sessions from outside work fine.
So this makes me believe there is a bug in the Airport Extreme. This 4y old blog posting suggests that as well:
http://fetchsoftworks.com/fetch/news/ftp-with-tlsssl-ftps-and-the-new-airport-ex treme-base-station
but it also says it has been fixed in version 7.2.1. Perhaps the bug reappeared?
Granted, the same problem. Firmware 7.5.2, everything works except FTP.Tak alsotried firmware 7.5.1, the problem remained. And for some reason, I will not let meand just to FTP without encryption.
ps long thought AE rebuilt poor server times 4
I apologize for the mistake, I do not speak English, use translate.google
Similar Messages
-
I am evauating wether to purchase Dreamweaver CS6...
Dreamweaver CS6 trial (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS (explicit encryption)". I have a NEW Godaddy SSL certificate installed on the IIS server.
On connecting Dreamweaver states: "Server Certificate has expired or contains invalid data"
I have tried:
-ALL the Dreamweaver Server setup options
-Using multiple certificates (tried 2048 bit and 4096 bit Godaddy SSL certificates)
-Made sure the certificate 'issued to' domain name matches my domain name.
I am able to connect no problem using Filezilla, with equivalent Filezilla setting "Require explicit FTP over TLS". I can also connect fine using Microsoft Expression web.Thanks for your prompt reply.
My comments:
1) You should update your tread (forums.adobe.com/thread/889530) to reflect that it still occurs on CS6 (I had already read it but figured it was an old tread and thus should be fixed by now).
2) You said “These warnings will also pop up for your users if you have a store saying the SSL certificate does not match the domain/ip and this can make users checking out in a storefront very nervous” . This does not seem to be correct – my https pages display properly using the same Godaddy certificate … using IE:
3) Godaddy is not my host (I use Amazon AWS) – but the SSL certificate is from them. -
Does Dreamweaver CS3 support implicit ftp over TLS?
Does Dreamweaver CS3 support implicit ftp over TLS? I cannot find this option.
Ask in the Dreamweaver forum. This forum is for suite specific issues only.
-
Does XI support FTP over SSL with Command AUTH TLS??
Hi All,
Can we change Command AUTH TLS to AUTH SSL in the Command Order of receiver FTP adapter when you select FTPS (FTP using SSL/TLS) for Controal and Data Connection??
We are able to transfer business documents to bank's FTP server (Following RFC 2228 standards) using WS FTP Pro (I think follows RFC 959 and 1123 standards) which using AUTH SSL in Command order.
We did go through SAP note 821267 (FAQ for XI 3.0 / PI 7.0 File Adapter)...question number 33 address about the "AUTH TLS" command. But we not getting the same error. We get different as in this forum:
Re: Error: Message processing failed: FTPEx: PBSZ=0
Can someone please confirm if this is the issue with FTP RFC standarads?? Or can we coustomize FTPS adapter to send AUTH SSL command??
Thank you,
Indrasena JangaDear Andy,
I am also looking for the same information.
Could you please share with ,if u have got anything related....
Hi Experts,
Pls share your exp with us if u have any....
Regards,
Srinivas -
Hello,
We have a WSA appliance that we have in explicit mode and want to configure as transparent. The protocols we cache and analyze with WSA are HTTP, HTTPS, native FTP and FTP over HTTP.
Is there a service number on WCCP for FTP over HTTP protocol? Or it is included within HTTP?
Thanks a lot in advance.
Best regards,
IgorIgor,
The service number 60 (ftp-native service) only applies to transparent redirection of FTP native requests and does not apply to FTP-over-HTTP requests.
On the other hand; the Content Engine listens for redirected HTTP requests on the standard HTTP port (default port 80). To enable the Content Engine to listen for WCCP-intercepted HTTP traffic on ports other than the default port, configure the custom-web-cache service (98 and 99) or a user-defined WCCP service (services 90 to 97).
I hope this helps.
Regards,
Juan Lombana
Please rate helpful posts. -
Hi,
we have problem opening FTP sites that require authentication.
When I try to open a ftp site, example ftp://site.com, I get this message in the browser :
Authentication is required by the FTP server ( ftpserver.com ). A valid user ID and password must be entered when prompted.
In some cases, the FTP server may limit the number of anonymous connections. If you usually connect to this server as an anonymous user, please try again later.
But I didn't receive authentication prompt at all
I think we didn't have issues with the previous versions...Are you using IE by chance? If yes, try accessing the FTP server using a different browser. IE has a known issue that such that it doesn't prompt end users to enter FTP server credentials when the user goes through any proxy (not just the WSA). We just decided to add this to the WSA release notes as a "known issue" with the different workarounds listed. You'll see it in the next version of the 7.5 release notes when that comes out someday. Here's what the bug write-up will say:
Defect ID 5463
Users cannot access FTP servers that require server authentication using FTP over HTTP with Internet Explorer. This is a known issue with Internet Explorer when communicating with web proxies. This is due to Internet Explorer never prompting users to enter the server authentication credentials.
Workaround: To access FTP servers that require server authentication, use one of the following workarounds:
Use a different browser, such as FireFox or Chrome, to access the FTP server.
Use an FTP client that uses native FTP to access the FTP server.
If users must use Internet Explorer, they can prepend the username and password into the URL. For example: ftp://USERNAME:[email protected]@ftp.example.com
54636 -
FTP over SSL connectivity in File Adapter
Hi All,
I request your suggestion on my problem. I have a scenario idoc to file where I am connecting to my vendor server throught SFTP (Ftp over SSL). In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
So as per this requirement first our XI server need to coneect to the pre-approved client and the connectivity will happen to the vender server. He list the pre-approved client as below
*Cleo Lexicom 2.1
*TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
*QualEDI for Windows, 32-bit version
*Ascential DataStage TX, Release 7.5
*Future 3 - Advanced Communication Module Plus (ACM Plus)
*eBridge FTPS Communicator for GXS version 5.3
*Ipswitch Inc's WS_FTP Professional version 8.02.
·Robo-FTP version 3.2
Please let me know will this be possible from our file adapter. Currently as per this requirement we open up the port of XI server for SFTP connecvity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from their to vendor sever.
Kindly needful your suggestion/solution on this.
Regards,
DhillHi,
Thank you, Yes I have used FTPS only please find the below details given in the communication channel.
<b>FTP Connection Parameters</b>
Server: ServerName
Port : 6366 (specified by vendor)
Data connection : Passive
Timeout(secs) : 65
Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Keystore: service_ssl
X-509 Certificate and Private Key: ssl-credentials
User Name : Vendor user name
Password: Vendor given password
Connect Mode: Permanantly
Transfer Mode: Text
Maximum Concurrency: 1
and also as per he list given by vendeor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
<b>Note:</b> We have Deploying the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
So If possible i request you to kindly provide the details how we need to specify the client software between our XI server and Vender server as you mentioned in your solution.
Please let me know your mail id, i will forward the screenshot of my communication channel.
Kindly appreciate your help on this.
Regards,
Dhill. -
Java Caps 5.1.3. and SFTP (FTP over SSH)
Hi,
I'm trying to use the BatchSFTP option from the batch eway to setup FTP over SSH. I'm having trouble in setting up the keyfile. I've generated a trusted_hosts file using openSSH via CYGWIN (I'm running on W2003 server). The error I get is: Batch SFTP eWay connection failed, method=[connect()], message=[Exception when connect(), e=java.io.IOException: Invalid SSH1 public key format].
Has anyone experience with FTP over SSH and can help me out on this.
Thank you very much,
Cor Zijlstra
[email protected]You need to convert the server public key for the server that you are connecting with to the IETF SECSH format. If you have access to do that, you can run the command ssh-keygen -f myServerPublickey.pub -e > myIETFServerPublicKey.pub. Otherwise, your UNIX server admin will need to run that. Put the ITEF key in your .ssh directory and have CAPS reference that IETF format and you should be set. Make sure the connectivity map/env explorer is set to public key authentication.
I think there is a bug in CAPS with how it is handling the SSH formated key. I have been unable to prove it to support. Furthermore, more pressing issues have taken up my time (aka, other projects).
John -
Hi All,
I would like to check if it is possible to have a ftp server (ftp over ssl) hosted externally to be accessible via the cisco switches, routers etc? Can this result be achieved?
Thanks
AlexIt should. Check out https://packetpros.com/cisco_kb/ios_http.html. Change the http commands to https.
-
How to handle SFTP (ftp over SSH)
Hi there,
I know XI only supports FTP (and FTPS(SSL)) when trying to exchange files with other systems.
Right now, i have to interconnect a legacy with XI. This external server uses SFTP (FTP over SSH) as an standard of file transfering process.
Could you please tell me if there is a possibility to integrate them?
Best regards,
DavidYou'll need either to:
- develop the connection in a java proxy,
- develop your own adapter,
- buy an adapter for SFTP from a 3rd party,
- if you have UNIX as OS, use OS commands (through shell script in a file adapter for example) to start SSH/SFTP connection.
Regards,
Henrique. -
Do I need to take any action over the Heartbleed bug?
Do I need to take any action over the Heartbleed bug?
You can use this website test the sites, like banking sites, for protection to the Heartbeat issue: Qualys SSL Labs - Projects / SSL Server Test.
Just enter the URL of the site and it will test it for compliance.
OT -
How can I configure latest Lightroom to FTP upload using explicit FTP over TLS?
?
It would help to know which plugin you're using, but in general: ftp preset includes 'Protocol' which can be FTP or SFTP.
I *think* SFTP will use TLS if possible.
Whether it actually uses TLS vs SSL2... - I dunno: I suspect it will use TLS if supported on server, then down-shift to reglar SSL if need be, but I'm guessing. If you need to assure that only TLS is used (no down-shifting), you'll need some input from somebody else in the know - consider asking question direct to adobe:
http://feedback.photoshop.com/photoshop_family/topics/new
My guess: only way to assure specific security protocol is to go through 3rd party app.
Rob -
Issue with permissions when using SFTP (FTP over SSH)
I have an issue when i use SFTP, for some reason users are able to browse the system's root directory and other user's directories. Also some users don't have access to the FTPRoot alias and some do. If i connect using FTP everything is fine. Can someone shed some light on this issue.
Thanks,
TorosThere is absolutely no correlation between FTP and SFTP.
SFTP is actually a file transfer run over SSH and therefore subject to the normal account/shell restrictions, just as if the user logged in via SSH.
What you're confusing it with (easily done) is FTPS, which is SSL-encrypted FTP. This uses SSL/TLS to secure a FTP connection and is subject to the account restrictions defined in the FTP server, independent of the user's shell access.
So, in other words, SFTP uses a SSH session to transfer files. FTPS uses SSL to secure a FTP session.
There's no trivial way to prevent a SFTP user from walking through the directory tree since there's no difference between their SFTP session and an SSH session. -
NW6.5 FTP-file-mismatch with FTP over TotalCommander
Hello *
We use the FTP-Service within the TotalCommander-Program (TC from
www.ghisler.com) to access a NetWare-NSS-Volume.
Some filenames contains periods and space characters also
(e.g. "1.2 Chapter x.pdf".)
After a couple of weeks (~80 days) the displayed file-name changes: This
happens within the TC-FTP-access only. All other access-methods (MS-FTP;
Novell-NetStorage; NCP - Windows-Explorer) are showing the name correctly.
e.g.
access over NCP, MS-FTP, NetStorage | access over FTP within TC
displayed filename |(after ~80 days) displayed filename
------------------------------------|----------------------------
"2.1 Chapter ONE.pdf" |"Chapter ONE.pdf"
This happens from every PC at the same time, so there have to be some
changement on the NetWare-Server.
Volume compression is disabled (nssmu.nlm)
We have to copy or open and save the file again to get rid of this for
the next ~80 days ...
Any idea?
oskarThank you - Andrew,
yes, SOPHOS-Anti-Virus is installed, and there is a regularly Backup-Job
also. But both are running weekly ...
Anyway, we have to move the data to a new OS ... (could be a solution
for this ...)
By the way, Symantec-Backup-Exec-Support told me, that restoring the
trustee-rights (from a NetWare-NSS-Volume-Backup) to a OES-NSS-Volume is
not supported ("reason: ... it is another OS!").
Can you recommend a smooth method to move the data from NW to OES?
Kind regards
Oskar
Am 01.02.2012 22:56, schrieb ataubman:
>
> OK, well that's fine. I have no idea what your problem is, there is no
> automatic process on NW that runs every 80 days. The closest I can think
> of would be the NSS background check; Normally it runs 5 days after the
> server comes up and every two weeks thereafter.
>
> Do you have perhaps an anti-virus or backup that runs a scan regularly
> over the volumes at that interval?
>
> That aside all I can suggest is a rebuild:
>
> nss /poolrebuild /purge
>
> -
Mouse Over Image Swap bugged transition problem
I have a question regarding the function of "Import" and "Update" in the properties of an image. I've re-updated the link above to reflect my specific question. In the movie, there are image swap transitions as you scroll over various sections of the home page. These actions are carried out in the target cont_images and cont_images/images for the pictures. I attempted to update one of the photos in the library with a new picture of equal quality and proportions but when I then watch the movie, the action is carried out but in a very un-smooth fashion. The transition can be contrasted here:
http://www.greenworknow.com/Test/2138/flash&html/index.html
vs
http://www.greenworknow.com/Test/2138/flash&html/buggedmain.swf
The bugged transition will be the Adventure tab in the center, right most box. You'll also notice that with the bug it quickly flashes the picture under the "Register" Tab (image_big_2) with the one that was changed being (image_big_3). The part that puzzles me is that it had worked once by simply updating/importing but for some reason no longer does, I believe it lies in the method I'm going about replacing the photo. Also the photo isn't being called externally from a folder as it is built into the library of the FLA. I hope this was all clear enough. If there are any odd parts, I'll be watching the thread to respond if you have a question.
Again, thank you for your continued efforts in helping me, the aid is very much appreciated.
(If you need to download the FLA, there's a link under that index page above to do so)*bump*
Anyone have an idea? or maybe alternate methods I can try to implement the new images?
Maybe you are looking for
-
How far does the 10MB inclusive allowance go on th...
How far does the 10MB inclusive allowance go on the BTBBA deal? For example how many web pages? Why do upgrades always come with a downgrade Solved! Go to Solution.
-
Network Load Balancing - "access denied" when loading configuration information from host2
We have 2 Windows 2012 R2 servers, both are running on workgroup. We set up NLB cluster. When we open NLB Manager on the server2, then message shows "loading configuration information. Access denied. Error connecting to server1". There is no issue
-
Link to download software for WRT54G verisoin 2
If anyone has trouble downloading the software for WRT54G verison 2, use this link. http://www.linksys.com/servlet/Satellite?c=L_CASupport_C1&childpagename=US/Layout&cid=1166859678292&... I had to call support and this the link they gave me and it w
-
Formatted output in output_file
Hello, String name = "Drabick"; int age = 22; System.out.print("%s%20d",name,age);Above can be used to write output in nice way, but I want to write output in separate file. BufferedWriter out2 = null; try { out2 = new Bu
-
Mini hibernates despite pmset saying it shouldn't
Hello. My new (late 2012) Mac Mini is great, but I've noticed that after putting it to sleep, an hour later it wakes again (although not the displays) to write everything in memory to disk. I'd rather turn this off (it seems a bit pointless given I