search

robinrodricks / FluentFTP

An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#.
MIT License
3.1k stars 652 forks source link

Failed to call SSPI, see internal exception. FTP with SSL/TLS #176

Closed fernandovictorTI closed 1 year ago

fernandovictorTI commented 7 years ago

When attempting to connect FTP with SSL / TLS raises the exception: Failed to call SSPI, see internal exception.

FtpClient client = new FtpClient("host", 52447, "user", "password");
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var cert = store.Certificates.Find(X509FindType.FindBySubjectName, "nameCertificate", true)?[0];

client.ClientCertificates.Add(cert);
client.EncryptionMode = FtpEncryptionMode.Explicit;
client.DataConnectionType = FtpDataConnectionType.PASV;
client.DataConnectionEncryption = true;

client.ValidateCertificate += (control, e) =>
{
    e.Accept = true;
};

client.Connect();

store.Close();
robinrodricks commented 7 years ago

Can you show the trace logs? See the FAQ on how to do that.. and which is your server OS and FTP software?

fernandovictorTI commented 7 years ago

Hi hgupta9, Here is the Log. This is a Windows server 

# Connect()
Status:   Connecting to ***:52447
Response: 220 Welcome to Synchrony Gateway FTP server
Command:  AUTH TLS
Response: 234 AUTH command OK, waiting handshake
Error:    FTPS Authentication Failed

I can connect via CMD with the MOVEit Freely tool. With the command below.

ftps -e:on –a -natpasv host 52447 -user: -password: -ccn:xtjmt

JanLorenz77 commented 6 years ago

Hi, is there any news? I have the same problem. The inner exception says: "The format of the received message was unexpected or erroneous"

fernandovictorTI commented 6 years ago

I still can not connect vi Fluent. Alternatively I create .bat files for the application that runs them with the MOVEit Freely tool.

Saiyan commented 6 years ago

I just ran into the same error trying to connect to a Debian server running vsftpd and the problem in my case was the ciphers setting of the ftp server. afaik vsftpd uses OpenSSL and after changing the ssl_cipher setting to "HIGH" everything works like a charm. The other two preset values "LOW" and "MEDIUM" wouldn't work for me.

Hope this helps

robinrodricks commented 6 years ago

This seems to be an extension to the FTPS/SSL protocol that we have not implemented. I cannot say more without further debugging.

JanLorenz77 commented 6 years ago

Do you need a test access for sftp, where I get the ecxeption (private message)?

nienie0714 commented 5 years ago

thx for all comment,I already solved this problem. The reason of this problem is the Tls1.0. See this link https://docs.microsoft.com/zh-tw/dotnet/api/system.security.authentication.sslprotocols?view=netframework-4.8 we can know that,the default setting of .NET support only Tls1.0,BUT .NET4.6.1 support Tls1.1 and higher,so this is my problem.
if you want solve this problem,you should: first: make sure the server support Tls 1.1 or 1.2 ,not just 1.0 second: add this conn.SslProtocols = SslProtocols.Default | SslProtocols.Tls11 | SslProtocols.Tls12; the author has given this code in SetEncryptionProtocolsExample.cs I found this link https://blog.csdn.net/xiaofeizai1116/article/details/52329703 I'm not find out where it come from,it really helped me. sorry to that man in onther issue whos server is only support Tls1.0,I don't know what should he do.

robinrodricks commented 5 years ago

Possibly could be fixed by setting conn.SslProtocols = SslProtocols.Default | SslProtocols.Tls11 | SslProtocols.Tls12 as default in .NET 4.6 and higher.

Related to #356