in edtFTPnet by (160 points)

Because Some FTPS Servers don't support that Extended Master Secure command

============================

I upgraded edtFTPnetPRO to 9.9.0 and tried to find a property for turning off 'ExtendedMasterSecret', because some FTPS servers don't support that command.

I could only find the 'SessionResumptionRequiresExtendedMasterSecret' property.

=============================================

 objSSLFtp = new SecureFTPConnection();

 objSSLFtp.SessionResumptionRequiresExtendedMasterSecret = false;

==============================================

I think setting that property to 'false' can resolve some connection problems, but some FTPS servers will interrupt the connection before checking the login name and password. So I think we need another property to turn off sending the 'Extended Master Secure' command on all connections (command channel and data channel).

by (162k points)
I'm not quite sure what you mean here. If use of the extended master secret is disabled, it shouldn't be used for command or data connections.
by (160 points)
I wrote a test program to debug that situation.

I initialize the properties before calling Connect():

 objSSLFtp.SessionResumptionRequiresExtendedMasterSecret = false;
 objSSLFtp.ConnectMode = FTPConnectMode.PASV;
 objSSLFtp.AutoPassiveIPSubstitution = true;

 objSSLFtp.Timeout = 120000;
 objSSLFtp.ServerCommonName = custDo.sFTP_IP;
 objSSLFtp.ServerValidation = SecureFTPServerValidationType.AutomaticNoNameCheck;
...
Finally, I run 'objSSLFtp.Connect()' and get an exception as follows:

"Do_FTPS.doConnection()????:(??:259)Socket closed before handshake is complete (2)"
--------------------------------
I looked at the edtFTP_FTPS log file and found that the connection is interrupted before the USERNAME/PWD check (detailed log follows):

DEBUG [LicenseProperties] 1 ?? 2021 22:50:40.467 :  Production license
DEBUG [SSLFTPClient] 1 ?? 2021 22:50:40.467 :  Connecting to 61.XXX.XX.XXX:1031
DEBUG [SSLFTPControlSocket] 1 ?? 2021 22:50:40.478 :  waitOnShutdownSSL=True
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.485 :  ChangeSecurityProtocol: None
DEBUG [ExFTPControlSocket] 1 ?? 2021 22:50:40.489 :  Created control-socket: SocksContext=, ProxySettings=NoProxy, RemoteHost=61.XXX.XX.XXX, controlPort=1031, timeout=120000
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.491 :  StrictReturnCodes=False
DEBUG [HostNameResolver] 1 ?? 2021 22:50:40.492 :  Resolving 61.XXX.XX.XXX
DEBUG [HostNameResolver] 1 ?? 2021 22:50:40.492 :  61.XXX.XX.XXX resolved to 61.XXX.XX.XXX
DEBUG [ExFTPControlSocket] 1 ?? 2021 22:50:40.492 :  Connecting directly to ftp-server 61.XXX.XX.XXX:1031
INFO [SSLFTPSocket] 1 ?? 2021 22:50:40.493 :  Connecting to 61.XXX.XX.XXX:1031 with timeout 120000 ms
DEBUG [SSLFTPSocket] 1 ?? 2021 22:50:40.507 :  Successfully connected to 61.XXX.XX.XXX:1031
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.507 :  Setting socket timeout=120000
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.508 :  SetSocketTimeout: 120000
INFO [FTPControlSocket] 1 ?? 2021 22:50:40.508 :  Command encoding=System.Text.SBCSCodePageEncoding
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.509 :  Setting socket buffer sizes=-1
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.509 :  SetSocketBuffers: -1
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.516 :  220 Microsoft FTP Service
DEBUG [SSLFTPClient] 1 ?? 2021 22:50:40.530 :  SetSSLProtocol: min=DETECT, max=DETECT
DEBUG [SSLFTPClient] 1 ?? 2021 22:50:40.530 :  SetSSLProtocol=Tls1, Tls11, Tls12
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.530 :  ---> AUTH TLS
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.540 :  234 AUTH command ok. Expecting TLS Negotiation.
DEBUG [SSLFTPControlSocket] 1 ?? 2021 22:50:40.541 :  Beginning Tls1, Tls11, Tls12 handshake.
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.541 :  ChangeSecurityProtocol: Tls1, Tls11, Tls12
DEBUG [CompatibilityLayer] 1 ?? 2021 22:50:40.545 :  Local min SSL version: 3.1, max SSL version: 3.3
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.611 :  Starting handshake
DEBUG [CipherSuites] 1 ?? 2021 22:50:40.613 :  ECDHE_RSA_AES_128_SHA
..... ....pass

DEBUG [CipherSuites] 1 ?? 2021 22:50:40.613 :  ECDHE_RSA_3DES_SHA
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.620 :  Handshake started
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.620 :  Waiting for handshake completion
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.620 :  Waiting for handshake to complete (timeout=120000ms)
DEBUG [SocketController] 1 ?? 2021 22:50:40.647 : FTPConnection.1 Processing hello
DEBUG [CompatibilityLayer] 1 ?? 2021 22:50:40.648 : FTPConnection.1 Remote SSL version: 3.1
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.649 : FTPConnection.1 ProcessMessages(Handshake)
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.649 : FTPConnection.1 Handshake Message: ServerHello
DEBUG [ClientHandshakeLayer] 1 ?? 2021 22:50:40.652 : FTPConnection.1 Cipher suite selected: ECDHE_RSA_AES_256_SHA
DEBUG [ClientHandshakeLayer] 1 ?? 2021 22:50:40.653 : FTPConnection.1 Extension len=4
DEBUG [ClientHandshakeLayer] 1 ?? 2021 22:50:40.653 : FTPConnection.1 Extension type ExtendedMasterSecret  ============> Key Word (that command still run in command channel)
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.653 : FTPConnection.1 Handshake Message: Certificate
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.687 : FTPConnection.1 Handshake Message: ServerKeyExchange
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.734 : FTPConnection.1 Handshake Message: ServerHelloDone
DEBUG [SocketController] 1 ?? 2021 22:50:40.786 : FTPConnection.1 OnReceive closing (size == 0)
DEBUG [SocketController] 1 ?? 2021 22:50:40.787 : FTPConnection.1 CloseConnection(e=null)
DEBUG [SocketController] 1 ?? 2021 22:50:40.787 : FTPConnection.1 Shut down socket ======> Server Close this Connect
DEBUG [SocketController] 1 ?? 2021 22:50:40.787 : FTPConnection.1 Closed socket
DEBUG [TransferBuffer] 1 ?? 2021 22:50:40.788 : FTPConnection.1 Close() called when open
ERROR [SocketController] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnReceive - caught exception - closing: Socket closed before handshake is complete (2)
DEBUG [SocketController] 1 ?? 2021 22:50:40.789 : FTPConnection.1 CloseConnection(e=Socket closed before handshake is complete (2))
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnHandshakeComplete(False,Socket closed before handshake is complete (2))
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnHandshakeComplete - waiting for lock
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnHandshakeComplete - in lock
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnHandshakeComplete - exiting lock
DEBUG [SecureSocket] 1 ?? 2021 22:50:40.789 : FTPConnection.1 OnHandshakeComplete - exit
ERROR [SecureSocket] 1 ?? 2021 22:50:40.790 :  Exception during handshake
ERROR [SecureSocket] 1 ?? 2021 22:50:40.790 :  System.IO.IOException: Socket closed before handshake is complete (2)
ERROR [SecureSocket] 1 ?? 2021 22:50:40.790 :     ? ....................... (IAsyncResult )
DEBUG [SocketController] 1 ?? 2021 22:52:33.632 : FTPConnection.1 Dispose()
DEBUG [SocketController] 1 ?? 2021 22:52:33.632 : FTPConnection.1 CloseConnection(e=null) =============> End Connect before check the user name / pwd

1 Answer

by (9.1k points)
The solution was to set UseClientHelloExtension = false. The end user has confirmed this was successful.
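
A small triage helper for debug logs in the format posted in the question, added here as an example (not code from the original posts or from edtFTPnet): it reports how far the TLS handshake got, which extensions were logged after the ServerHello, and whether the remote end closed the socket before the handshake finished. The function names are this example's own, and the embedded sample lines are trimmed from the question's log.

```python
import re

# Sample lines trimmed from the log in the question (user annotations removed).
SAMPLE_LOG = """\
DEBUG [FTPControlSocket] 1 ?? 2021 22:50:40.540 :  234 AUTH command ok. Expecting TLS Negotiation.
DEBUG [CompatibilityLayer] 1 ?? 2021 22:50:40.648 : FTPConnection.1 Remote SSL version: 3.1
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.649 : FTPConnection.1 Handshake Message: ServerHello
DEBUG [ClientHandshakeLayer] 1 ?? 2021 22:50:40.652 : FTPConnection.1 Cipher suite selected: ECDHE_RSA_AES_256_SHA
DEBUG [ClientHandshakeLayer] 1 ?? 2021 22:50:40.653 : FTPConnection.1 Extension type ExtendedMasterSecret
DEBUG [HandshakeLayer] 1 ?? 2021 22:50:40.734 : FTPConnection.1 Handshake Message: ServerHelloDone
DEBUG [SocketController] 1 ?? 2021 22:50:40.786 : FTPConnection.1 OnReceive closing (size == 0)
ERROR [SecureSocket] 1 ?? 2021 22:50:40.790 :  System.IO.IOException: Socket closed before handshake is complete (2)
"""

# LEVEL [Source] <date> HH:MM:SS.mmm : [FTPConnection.N ]message
LINE_RE = re.compile(r"^[A-Z]+ \[\w+\] .*?\d{2}:\d{2}:\d{2}\.\d{3} :\s+"
                     r"(?:FTPConnection\.\d+ )?(?P<msg>.*)$")
TLS_NAMES = {"3.0": "SSL 3.0", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

def summarize(log_text):
    """Collect the handshake facts worth checking first in a failed connect."""
    s = {"auth_tls_ok": False, "remote_version": None, "cipher": None,
         "server_extensions": [], "last_handshake_msg": None,
         "peer_closed": False, "handshake_failed": False}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("234 "):                      # reply to AUTH TLS
            s["auth_tls_ok"] = True
        elif msg.startswith("Remote SSL version: "):
            ver = msg.split(": ", 1)[1].strip()
            s["remote_version"] = TLS_NAMES.get(ver, ver)
        elif msg.startswith("Cipher suite selected: "):
            s["cipher"] = msg.split(": ", 1)[1].strip()
        elif msg.startswith("Extension type "):         # follows ServerHello in the log
            s["server_extensions"].append(msg.split()[2])
        elif msg.startswith("Handshake Message: "):
            s["last_handshake_msg"] = msg.split(": ", 1)[1].strip()
        elif "OnReceive closing (size == 0)" in msg:    # zero-byte read: remote end closed
            s["peer_closed"] = True
        elif "Socket closed before handshake is complete" in msg:
            s["handshake_failed"] = True
    return s

def closed_by_peer_mid_handshake(s):
    """True when AUTH TLS was accepted but the server closed before the handshake finished."""
    return s["auth_tls_ok"] and s["peer_closed"] and s["handshake_failed"]
```

Running `summarize` on a log captured before and after changing a client setting makes it easy to compare which extensions were negotiated and whether the handshake now completes.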
