0 votes
6.1k views
in Java FTP by (400 points)
I have used the open source ftp for years and we're evaluating the pro as we need FTPS capability and also like the benefit of using the same library for sftp. The problem I'm having is that I get a connection reset from the FTPS server I'm trying to connect to when it is trying to negotiate the SSL connection. I asked what cipher they are using and was told it was DHE-RSA-AES128-SHQA. I don't see any ciphers in the documentation that match that description. Is this cipher supported? If it helps at all, the ftp server I'm trying to connect to is WS_FTP server (http://www.ipswitch.com/products/ws_ftp ... /index.asp).

Thanks.

7 Answers

0 votes
by (400 points)
If it helps, the server I'm trying to connect to is reporting:
UNK AUTH SSL

in its logs, which leads me to believe it's unknown ssl, or, in other words, an unknown cipher.
0 votes
by (162k points)
We do support WS FTP. Have you tried using Example 1 in the download (or a variation) to connect?

Are you using

ftp.auth(SSLFTPClient.AUTH_TLS);

or

ftp.auth(SSLFTPClient.AUTH_SSL);

Try both.

0 votes
by (400 points)
Example one is what I'm trying. The only change I made was to load every cipher listed in the Javadoc. I'm using AUTH_SSL. I'll try AUTH_TLS again. I was using it at one point, but maybe that was when I had tried implicit mode.
0 votes
by (400 points)
I just recompiled with AUTH_TLS. I'm still getting:

INFO [TestFTPS] 28 Jul 2005 07:31:19.866 : Connecting to server xxx.xxx.com
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 28 Jul 2005 07:31:19.866 : Created explicit FTPS client.
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 28 Jul 2005 07:31:19.866 : Connecting to xxxxx.xxxx.com/206.252.143.10:21
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 28 Jul 2005 07:31:19.937 : 220 xxx.xxxx.com X2 WS_FTP Server 5.0.4 (4196664633)
INFO [TestFTPS] 28 Jul 2005 07:31:19.938 : Switching to FTPS (explicit mode)
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 28 Jul 2005 07:31:19.938 : ---> AUTH TLS
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 28 Jul 2005 07:31:20.454 : 234 SSL enabled and waiting for negotiation
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 28 Jul 2005 07:31:20.455 : Starting SSL handshake on control socket
com.enterprisedt.net.puretls.SSLHandshakeFailedException: java.net.SocketException: Connection reset
at com.enterprisedt.net.puretls.SSLConn.handshake(SSLConn.java:155)
at com.enterprisedt.net.puretls.SSLSocket.handshake(SSLSocket.java:437)
at com.enterprisedt.net.ftp.ssl.B.G(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.auth(Unknown Source)
at TestFTPS.main(TestFTPS.java:104)
Printing messages:
220 xxx.xxxxxx.com X2 WS_FTP Server 5.0.4 (4196664633)
---> AUTH TLS
234 SSL enabled and waiting for negotiation

The only difference between this and the other errors is the AUTH TLS instead of AUTH SSL. On the other side I had them run logs and they said the message they got was:
0727 16:30:51 (00001140) xxxx.xxx.com D(0) xxx.xx.xxx.xx UNK AUTH SSL

We've also run a tcp dump and the connection is fine, until their server resets it.
0 votes
by (162k points)
Is it possible they require the use of certificates? Can you connect with FileZilla (http://sourceforge.net/project/showfile ... p_id=21558)?
0 votes
by (400 points)
Actually, I cannot use FileZilla. Our network restricts outbound traffic from inside the network heavily. I'm having to test from a server in our DMZ. I did download a copy of the WS FTP and tested it from my local host with the exact options selected on the SSL as he had. It worked flawlessly. I'm now down to only two options that I can see:
1. One of our firewalls is checking ftp traffic and disallowing it since it's not text.
2. Their certificate uses a cipher that is not supported.

Is #2 very likely?
0 votes
by (162k points)
(2) is possible, but (1) is a lot more likely, especially since WS_FTP works locally and you can connect initially, until the control channel becomes encrypted.

You may need to speak to your firewall administrators.
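A staged probe for the question this thread ends on, namely which step of explicit FTPS fails, as an added example that is not part of the original thread or of edtFTPj. `probe_explicit_ftps` and `fake_server` are hypothetical names, and the loopback server is constructed to reproduce the "234, then reset" pattern from the client log above.

```python
import socket
import ssl
import struct
import threading

def probe_explicit_ftps(host, port=21, timeout=5.0):
    """Return (stage, detail): the first explicit-FTPS step that failed, or
    ("ok", "<protocol> <cipher>") once the TLS handshake completes."""
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stage = "banner"
            line = sock.recv(1024).decode("ascii", "replace").strip()
            if not line.startswith("220"):
                return stage, line
            stage = "auth"
            sock.sendall(b"AUTH TLS\r\n")
            line = sock.recv(1024).decode("ascii", "replace").strip()
            if not line.startswith("234"):
                return stage, line          # server refused the AUTH command itself
            stage = "tls_handshake"         # from here on the channel is no longer text
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:                  # covers ssl.SSLError, timeouts and resets
        return stage, f"{type(exc).__name__}: {exc}"

def fake_server(auth_reply):
    """Constructed loopback stand-in: answers AUTH with auth_reply and, if that
    was a 234, resets the connection as soon as the ClientHello arrives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        conn.sendall(b"220 constructed test server\r\n")
        conn.recv(1024)                     # the client's AUTH TLS
        conn.sendall(auth_reply + b"\r\n")
        if auth_reply.startswith(b"234"):
            conn.recv(4096)                 # the ClientHello
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()                        # with linger 0 this sends a TCP RST
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for auth_reply in (b"500 AUTH not understood", b"234 SSL enabled and waiting for negotiation"):
        print(probe_explicit_ftps("127.0.0.1", fake_server(auth_reply)))
```

Running the probe from the DMZ host and again from a network path that bypasses the firewall shows whether the failing stage moves; a `tls_handshake` failure on both paths points at the endpoints rather than a device in between.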

