giampaolo / pyftpdlib

Extremely fast and scalable Python FTP server library
MIT License

Tls1.2 support #535

Open sourabhyadavgit opened 4 years ago

sourabhyadavgit commented 4 years ago

Does this support TLS 1.2? When I try updating ssl_protocol to ssl.protocol_TLSv1_2, it's failing to connect with clients with TLS 1.2. When set back to 1.0, it works fine with clients.

giampaolo commented 4 years ago

Hello there. I think this should work (not tested):

```python
from OpenSSL import SSL
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import TLS_FTPHandler
from pyftpdlib.servers import FTPServer

authorizer = DummyAuthorizer()
authorizer.add_anonymous('.')
handler = TLS_FTPHandler
handler.certfile = "/path/to/certfile.pem"
handler.authorizer = authorizer
handler.ssl_protocol = SSL.TLSv1_2_METHOD
server = FTPServer(('', 2121), handler)
server.serve_forever()
```

Also, as a note to self: the current default is SSL.SSLv23_METHOD. That is probably too old. I'm going to file an issue on the tracker.

On Fri, Jul 3, 2020 at 5:12 PM sourabhyadavgit notifications@github.com wrote:

> Does this support TLS 1.2? When I try updating ssl_protocol to ssl.protocol_TLSv1_2, it's failing to connect with clients with TLS 1.2. When set back to 1.0, it works fine with clients.


-- Giampaolo - gmpy.dev https://gmpy.dev/about

sourabhyadavgit commented 4 years ago

Thanks a lot giampaolo :+1: it worked. One more thing I was thinking of amending was listing the ciphers our server supports, but I couldn't get which socket to use for this from the class. If I get the socket or function details I can give it a try and update it to decrypt client certificates to match the host name or any other fields. Apologies if it's easy, but I'm relatively new to Python.

philpep commented 2 years ago

Hi, I dug into an issue where files uploaded to pyftpdlib with lftp 4.8.4 / GnuTLS 3.7.1 (Debian stable) were truncated above a certain size. I guess lftp/GnuTLS doesn't handle SSLv23_METHOD correctly.

Using TLSv1_2_METHOD fixed the issue. Maybe this should become the default? I'm not a TLS/SSL expert, but it seems to me that TLSv1.2 should always be preferred now.
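
Added example, not part of the thread and not pyftpdlib's own code: one way to combine the protocol setting and the cipher-listing question discussed above, assuming pyOpenSSL is installed. It keeps the version-flexible SSLv23_METHOD but disables everything below TLS 1.2 through options, lists the configured cipher suites, and passes the context to pyftpdlib via `ssl_context`; the helper names `build_context` and `enabled_ciphers` and the cipher string are assumptions, and the certificate path is the placeholder from the reply above.

```python
from OpenSSL import SSL

# Assumed cipher policy for illustration; it only governs TLS <= 1.2 suites.
CIPHERS = b"ECDHE+AESGCM:ECDHE+CHACHA20"


def build_context(certfile=None, keyfile=None):
    """Return a version-flexible context with a TLS 1.2 floor.

    SSLv23_METHOD negotiates the highest version both peers support, so
    newer versions stay available; TLSv1_2_METHOD pins exactly TLS 1.2.
    """
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(
        SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3
        | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1
        | SSL.OP_NO_COMPRESSION
    )
    ctx.set_cipher_list(CIPHERS)
    if certfile:
        ctx.use_certificate_chain_file(certfile)
        ctx.use_privatekey_file(keyfile or certfile)
        ctx.check_privatekey()
    return ctx


def enabled_ciphers(ctx):
    """Cipher suite names configured on a connection created from ctx."""
    return SSL.Connection(ctx, None).get_cipher_list()


if __name__ == "__main__":
    from pyftpdlib.authorizers import DummyAuthorizer
    from pyftpdlib.handlers import TLS_FTPHandler
    from pyftpdlib.servers import FTPServer

    ctx = build_context("/path/to/certfile.pem")  # placeholder path
    print("\n".join(enabled_ciphers(ctx)))

    authorizer = DummyAuthorizer()
    authorizer.add_anonymous(".")
    handler = TLS_FTPHandler
    handler.authorizer = authorizer
    # A preconfigured context replaces ssl_protocol / ssl_options.
    handler.ssl_context = ctx
    server = FTPServer(("", 2121), handler)
    server.serve_forever()
```

The names printed at startup that begin with `TLS_` are TLS 1.3 suites, which OpenSSL configures separately from the cipher string.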