• 12 Apr

    How-To use Implicit vs Explicit SSL/TLS in LimagitoX File Mover

    When we speak about “SSL”, it usually means “implicit” SSL/TLS. The client must negotiate an SSL/TLS session immediately upon connecting to the server’s port, before reading the server’s greeting or sending any commands, both of which are then already encrypted. You’ll need to enable ‘Use Implicit SSL/TLS’ in the setup.

    When we speak about “TLS”, it usually means “explicit” SSL/TLS. The client must not negotiate an SSL/TLS session immediately upon connecting to the server’s port. It must read the server’s unencrypted greeting first, and can then send an appropriate STARTTLS command (if the server advertises support for it) to ask for permission to negotiate an SSL/TLS session before sending any further commands, which are then encrypted. You’ll need to enable ‘Use Explicit SSL/TLS’ in the setup.

    Default SSL/TLS Implicit vs Explicit Server Settings:

    Port 110: Explicit-TLS
    Port 995: Implicit-SSL

    Port 143: Explicit-TLS
    Port 993: Implicit-SSL

    Port 25: Unencrypted but could support Explicit-TLS
    Port 465: Implicit-SSL
    Port 587: Explicit-TLS

    Port 21: Unencrypted but could support Explicit-TLS
    Port 990: Implicit-SSL
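
When a server runs on a non-default port, the difference described above can be observed directly: an implicit endpoint stays silent until the TLS handshake, while an explicit one greets in cleartext and advertises its upgrade command. The following Python sketch is an added example, not part of LimagitoX; the function names and the `probe.example` host name are assumptions.

```python
import socket

# protocol: (cleartext greeting prefix, capability query, upgrade keyword)
PROTOCOLS = {
    "pop3": (b"+OK", b"CAPA\r\n", b"STLS"),
    "imap": (b"* OK", b"a1 CAPABILITY\r\n", b"STARTTLS"),
    "smtp": (b"220", b"EHLO probe.example\r\n", b"STARTTLS"),
    "ftp": (b"220", b"FEAT\r\n", b"AUTH TLS"),
}


def _read_until_quiet(sock):
    """Collect what the server sends until it goes quiet or closes."""
    chunks = []
    try:
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    except socket.timeout:
        pass
    return b"".join(chunks)


def classify(sock, protocol):
    """Decide the mode from what an already connected socket sees."""
    prefix, query, keyword = PROTOCOLS[protocol]
    greeting = _read_until_quiet(sock)
    if not greeting:
        # No cleartext greeting: the server expects a TLS handshake first.
        return "implicit"
    if not greeting.startswith(prefix):
        return "unknown"
    sock.sendall(query)  # capability query only, no credentials
    offered = (greeting + _read_until_quiet(sock)).upper()
    return "explicit" if keyword in offered else "plaintext-only"


def probe_mode(host, port, protocol, wait=2.0):
    """Connect without TLS and classify the endpoint (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=wait) as sock:
        return classify(sock, protocol)
```

A server that takes longer than `wait` seconds to send its greeting is reported as "implicit", so raise the value for slow hosts.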

    If you need help, please let us know.


    Limagito Team

    By Limagito FTP & SFTP
  • 04 Jun

    SSL Error Codes

    | Error code | Value | Possible reason and steps to take |
    |---|---|---|
    | ERROR_SSL_TIMEOUT | 73730 (0x12002) | 1. Connection is made to/from a service that doesn’t talk proper SSL (e.g. a plain HTTP connection is made to an HTTPS port). Re-check that both client and server services are talking SSL. 2. Unsupported version of the protocol. Try different settings of the Versions property of the SSL component and check whether any combination helps. |
    | ERROR_SSL_BAD_RECORD_MAC | 75778 (0x12802) | The peers failed to negotiate shared key material. Try connecting with different cipher suites one by one and check whether any of them helps. If none does, try a different protocol version. |
    | ERROR_SSL_DECODE_ERROR | 75792 (0x12810) | |
    | ERROR_SSL_DECRYPT_ERROR | 75793 (0x12811) | |
    | ERROR_SSL_RECORD_OVERFLOW | 75780 (0x12804) | Packet size too large. Try to decrease the maximum size of the packet by adjusting the MaxFragmentLength extension. |
    | ERROR_SSL_DECOMPRESSION_FAILURE | 75781 (0x12805) | Compression or decompression failure. Switch off compression (CompressionAlgorithms property). |
    | ERROR_SSL_HANDSHAKE_FAILURE | 75782 (0x12806) | Incompatible versions or cipher suite lists. Try different version and cipher suite sets. Check that the server certificate is provided and has an associated private key. |
    | ERROR_SSL_NO_CERTIFICATE | 75783 (0x12807) | The certificate provided by the peer is not valid. |
    | ERROR_SSL_BAD_CERTIFICATE | 75784 (0x12808) | |
    | ERROR_SSL_UNKNOWN_CA | 75790 (0x1280E) | |
    | ERROR_SSL_ACCESS_DENIED | 75791 (0x1280F) | The requested application-layer resource cannot be accessed by the requestor. Check with the administrator of the remote resource. |
    | ERROR_SSL_EXPORT_RESTRICTION | 75794 (0x12812) | The peer is only configured to use exportable cipher suites. Switch on support for “EXPORT” cipher suites. |
    | ERROR_SSL_PROTOCOL_VERSION | 75795 (0x12813) | The peers have not been able to negotiate a version to use (no shared protocol versions). |
    | ERROR_SSL_INSUFFICIENT_SECURITY | 75796 (0x12814) | The cipher suites mutually supported by the peers are too weak and do not provide an adequate level of security. |
    | ERROR_SSL_INTERNAL_ERROR | 75797 (0x12815) | Contact the vendor. |
    | ERROR_SSL_USER_CANCELED | 75798 (0x12816) | Application layer has shut down the connection. |
    | ERROR_SSL_NO_RENEGOTIATION | 75799 (0x12817) | One of the peers requested a renegotiation, which was refused by the other. Note that you will get this error (as a warning) if you return Allow = false from the OnRenegotiationStart event handler. |
    | ERROR_SSL_CLOSE_NOTIFY | 75800 (0x12818) | Does not indicate an error condition. The SSL connection was closed gracefully and can be restored or cloned in future. |
    By Limagito Error
  • 27 May

    Web Remote Client SSL option

    Dear Users,

    We’ve added SSL (HTTPS) to our Web Remote Server.  To enable SSL you need to provide 3 certificate files:

    • (Public) Certificate File: This file contains the certificate public key part.
      So everything between and including these two statements:
    • (Private) Key File: This file contains the private key part.
      So everything between and including these two statements:
    • (Public) Root Certificate File: The final file that SSL requires is the Certificate Authority certificate file.
      You can obtain this from Internet Explorer, in the Trusted Root Certificate Authority dialog.
      Select the Authority that issued your certificate and export it in Base64 (cer) format.
      This format is the same as the PEM format, so after the export simply rename the file to root.pem.

    The type of certificates we need are .pem files. The PEM extension is used for Base-64 encoded X.509 certificates. They contain ASCII armored data between “-----BEGIN …” and “-----END …” lines. Sometimes the certificates come in a single pem file. In this case, you need to open it with a text editor and save the individual certificates in separate pem files.

    Certificates can be obtained from a trusted certificate authority. You can also generate your own but the browser will not trust this and will display a warning.

    If you have a certificate in .pfx format, you’ll have to convert it first. In this case we need a utility called openssl.exe. First, download and install the OpenSSL Windows binaries from here (at your own risk). The lite version of the binaries is sufficient.

    • Start a command prompt with administrative privileges
    • At command prompt issue the following command:
      • openssl.exe pkcs12 -in <your file>.pfx -out <your file>.pem

    Openssl.exe will ask you for the password of the pfx file. Leave it blank if you did not specify one. It will also ask you for a new password for the .pem file (= optional). The certificates are converted to a single pem file. You need to open the converted pem file with a text editor and save the individual certificates in separate pem files.
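
The manual split of the converted pem file can also be scripted. The following Python sketch is an added example, not a Limagito tool: it cuts the bundle at its BEGIN/END lines, drops the "Bag Attributes" text that openssl writes between blocks, and saves each block to its own file. The file names `key.pem` and `cert-N.pem` are assumptions, and the sample bundle is constructed with placeholder bodies.

```python
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

# Constructed sample shaped like `openssl pkcs12` output; the base64 bodies
# are placeholders, not real key or certificate material.
SAMPLE_BUNDLE = """Bag Attributes
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
subject=CN = files.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
"""


def split_pem(bundle):
    """Map a file name to each PEM block, dropping the text between blocks."""
    files, certs = {}, 0
    for match in PEM_BLOCK.finditer(bundle):
        label, body = match.group(1), match.group(2).replace("\r", "")
        pem = f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
        if label.endswith("PRIVATE KEY"):
            files["key.pem"] = pem
        elif label == "CERTIFICATE":
            certs += 1
            files[f"cert-{certs}.pem"] = pem
    return files


def write_pem_files(bundle, outdir):
    """Write one file per block, created owner-only (0600) where supported."""
    files = split_pem(bundle)
    for name, pem in files.items():
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        fd = os.open(os.path.join(outdir, name), flags, 0o600)
        with os.fdopen(fd, "w", newline="\n") as handle:
            handle.write(pem)
    return sorted(files)
```

The order of certificates in the bundle is not guaranteed, so check which file is the server certificate and which is the issuing authority with `openssl x509 -in cert-1.pem -noout -subject -issuer` before naming one of them root.pem.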

    Online certificate conversions are also available:

    Web Remote Setup is available in our LimagitoX Config Tool.


    Limagito Team

    By Limagito Remote Tool