
This queue is for tickets about the Net-FTPSSL CPAN distribution.

Report information
The Basics
Id: 115296
Status: resolved
Priority: 0/
Queue: Net-FTPSSL

People
Owner: Nobody in particular
Requestors: Mai [...] jochen-schweizer.de
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.31
Fixed in: 0.32



Subject: TLSv1_1/TLSv1_2 treated as SSL, not TLS
Date: Mon, 13 Jun 2016 08:09:29 +0000
To: "bug-Net-FTPSSL [...] rt.cpan.org" <bug-Net-FTPSSL [...] rt.cpan.org>
From: Lukas Mai <Mai [...] jochen-schweizer.de>
https://metacpan.org/source/CLEACH/Net-FTPSSL-0.26/FTPSSL.pm#L278

> $use_ssl = ( $mode !~ m/^TLSv1$/i ); # Reset in case it conflicts ...

If I set mode to 'TLSv1_1' or 'TLSv1_2', Net::FTPSSL tries to auth with "SSL" instead of "TLS", which breaks my connection.

--
Lukas Mai (Software Developer)
Jochen Schweizer Technology Solutions GmbH
Rosenheimer Str. 145 e-f, 81671 München
HRB München 203111; Managing Director: Florian Herschke, Authorized Signatory: Saad Daoud

Thank you for using my module and for reporting this issue. I'll look into posting a new version in the next day or so.

Normally I'd request sample code & a log file showing what was happening, but in this case it looks simple enough.

But I do have a question, is there a particular reason you are passing the SSL_Version as part of the setup instead of letting the handshake determine the default?

Curtis

Subject: RE: [rt.cpan.org #115296] TLSv1_1/TLSv1_2 treated as SSL, not TLS
Date: Tue, 14 Jun 2016 10:19:53 +0000
To: "bug-Net-FTPSSL [...] rt.cpan.org" <bug-Net-FTPSSL [...] rt.cpan.org>
From: Lukas Mai <Mai [...] jochen-schweizer.de>
If I don't pass an SSL_version, Net::FTPSSL hardcodes it as 'TLSv1'.

A few days ago, one of our FTP upload scripts started failing:

| TLSv1: SSL connect attempt failed because of handshake problems error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

I don't know much about SSL but I discovered that I could fix the issue by passing TLSv11 or TLSv12 as SSL_version (my guess is that the server switched off TLSv1 support?). Well, at first that just resulted in:

| 500 This security scheme is not implemented

But patching Net::FTPSSL to send 'AUTH TLS' instead of 'AUTH SSL' then made things work again.

> -----Original Message-----
> From: Curtis Leach via RT [mailto:bug-Net-FTPSSL@rt.cpan.org]
> Sent: Monday, June 13, 2016 7:35 PM
> To: Lukas Mai <Mai@jochen-schweizer.de>
> Subject: [rt.cpan.org #115296] TLSv1_1/TLSv1_2 treated as SSL, not TLS
>
> <URL: https://rt.cpan.org/Ticket/Display.html?id=115296 >
>
> Thank you for using my module and for reporting this issue. I'll look into posting a new version in the next day or so.
>
> Normally I'd request sample code & a log file showing what was happening, but in this case it looks simple enough.
>
> But I do have a question, is there a particular reason you are passing the SSL_Version as part of the setup instead of letting the handshake determine the default?
>
> Curtis

Thank you for the information. It's helpful to know the background when a new issue is encountered with my module.

I've fixed the test in the latest release I just uploaded (v0.32). It should be available in a couple of hours. It now does an explicit test for SSL instead of a negative test. So it should be more reliable in the future.

I'll close the ticket in a couple of days unless you say you have issues with it.

Curtis
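
The difference between the negative test quoted in the ticket and an explicit test for SSL, shown as an added example that is not Net::FTPSSL's own code. The function names and the `^SSLv` pattern are assumptions, and the sample SSL_version values are constructed from the names used in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration; these function names are hypothetical, not Net::FTPSSL's API.

# Negative test as quoted in the ticket: every value that is not exactly
# "TLSv1" is treated as SSL, so newer TLS names fall through to SSL.
sub use_ssl_negative {
    my ($mode) = @_;
    return ( $mode !~ m/^TLSv1$/i ) ? 1 : 0;
}

# Explicit test (assumed form): only values that name an SSL protocol
# select SSL; everything else keeps the TLS scheme.
sub use_ssl_explicit {
    my ($mode) = @_;
    return ( $mode =~ m/^SSLv/i ) ? 1 : 0;
}

# Map the flag to the FTP command sent before the handshake.
sub auth_command {
    my ($use_ssl) = @_;
    return $use_ssl ? 'AUTH SSL' : 'AUTH TLS';
}

# Constructed sample inputs: the TLS spellings from the thread plus two SSL names.
my @modes = qw(TLSv1 TLSv1_1 TLSv1_2 TLSv11 TLSv12 SSLv3 SSLv23);

printf "%-10s %-12s %-12s %s\n", 'mode', 'negative', 'explicit', 'note';
for my $mode (@modes) {
    my $neg  = auth_command( use_ssl_negative($mode) );
    my $exp  = auth_command( use_ssl_explicit($mode) );
    my $note = $neg eq $exp ? '' : 'negative test picks the wrong scheme';
    printf "%-10s %-12s %-12s %s\n", $mode, $neg, $exp, $note;
}
```

A server that rejects the SSL scheme answers the mismatched rows with the `500 This security scheme is not implemented` reply reported in the thread.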