FluentFTP: AutoDetect throws Security.Authentication.AuthenticationException if server supports TLSv1 only

FTP Server OS: Unix

FTP Server Type: ProFTPD

Client Computer OS: Windows

FluentFTP Version: 47.0.0

Framework: Framework 4.6.2

I’m trying to call AutoDetect, but it throws an exception: System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. —> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

Logs :


# AutoDetect(False, False)
2023-07-19 06:51:40.2089| INFO|Connecting to ftp://ftp.***.**

# Connect(False)
Status:   FluentFTP 47.0.0.0(.NET Framework 4.6.2)
Status:   Connecting to IP #1= ***:21
Status:   Waiting for a response
Response: 220 ProFTPD 1.3.5b Server (SNPI) [::ffff:**.**.**.**] [738719.286d]
Status:   Detected FTP server: ProFTPD
Command:  AUTH TLS
Status:   Waiting for response to: AUTH TLS
Response: 234 AUTH TLS successful [77ms]
Status:   Closing/Disposing FtpSocketStream(control connection)
Error:    FTPS Authentication failed, lib = .NET SslStream
Error:    A call to SSPI failed, see inner exception

Looks like this is because of the protocols priority:

    private static List<SslProtocols> DefaultProtocolPriority = new List<SslProtocols>()
    {
      SslProtocols.Tls11 | SslProtocols.Tls12,
      SslProtocols.Default
    };

Am I right? Is any way to make profile autodetection work?

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 16

Most upvoted comments

How soon can I get a fix in nuget? I’d drop crutches in my code then.

I notified @robinrodricks - but we are actually still debating how to go a bit further on this (or not). So hold your horses for a while.

+1
FanDjango on Jul 20, 2023

and there the policy was - No encryption first

I see. That was before my time…

Ok, here is a general suggestion, as a workaround for now:

Do your AutoDetect, catching the exception System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm.

Not having a common algorithm is a terminal condition -> cannot use Encryption. In this case, try again in your own code with a manual connect and Encryption.None.

Meanwhile I will have a look at the current code to see if this can be improved somehow.

+1
FanDjango on Jul 19, 2023
Read more comments on GitHub
← FluentFTP: AutoConnectAsync error: Timed out trying to read data from the socket stream!
FluentFTP: Cannot connect to FTPS IIS server on windows 2019 from Azure functions V4 →