I currently working on BizTalk and I got a problem when I try to configure a send port to a ftps server.
I send a request to an amazon server to get a file and I want to send this file on a ftp server.
I use an adapter nsoftware.ftp v3 for my sending port to the ftp server. But when I try it, I got this error message :
This system contains a plaintext-only license, however the( Ftp:Adresse) send port is configured to run with security enabled. You must disable the security features for the send port to execute.
Do I need a certificate with a private key or just the configuration any is ok with the nsoftware adapter?
So actually I use a first flow to get a file on a amazon server and it works . After, I create a send port who must take this file and send him to an ftps server (it is the server of a client). So I use the property BTS.SPName to activate this send port at the file reception and I use a nsoftware.ftp adapter (free version) for the transport type. The client send to me the certificate of the server and I install it on the server.
#Martin is right. The error is due to licensing. The version of the license you have does not support SSL/TLS connections. Please submit a support ticket and we can provide information on using the latest version of the adapters (V3 is also a few major versions old).
Related
I'm working on a desktop C++ application which uses OpenSSL sockets (a raw TLS socket, not HTTPS) to communicate with our server.
One of our clients are required to route their traffic through a proxy. The client is using ZScaler in Tunnel with Local Proxy mode.
In theory, it's possible to reconfigure ZScaler to force our traffic through a proxy chosen by ZScaler. However, I want to investigate solutions where our application uses the Windows OS-level proxy settings rather than relying on ZScaler configuration.
I've read this post:
openssl s_client using a proxy
But I'm uncertain whether those answers apply to my situation, because that user didn't mention whether they're using Windows or Linux, and they appear to be talking about an HTTP/HTTPS proxy. Also, that question appears to be asking about the s_client function, rather than simply creating a TLS socket to my server through a "Tunnel with Local Proxy" on Windows.
So, my questions are:
Can OpenSSL be used to open an SSL socket to a server through Tunnel with Local Proxy?
Can we make an OS call to determine the IP/socket for the Tunnel with Local Proxy configuration?
If this is possible, then I have another question: suppose we have a single proxy at 10.100.10.0:5000.
If one user in our client's office opens a socket to our server via their proxy, will a 2nd user be unable to connect from their office because they're bottlenecked at single proxy socket?
Put another way: what is the standard way of implementing proxy-awareness for a Windows application using OpenSSL?
Note: This question was originally posted to Network Engineering stack exchange, but it was closed because it refers to an issue above OSI layer 4.
Note: I'm looking for a solution that does not require administrator permissions on the user PC. I would prefer for our application to discover and use OS-level proxy settings without making any administrative changes to the machine, i.e. by calling netsh.
Can OpenSSL be used to open an SSL socket to a server through Tunnel with Local Proxy?
OpenSSL doesn't do it for you but OpenSSL does not prevent it either. The tunnel has to be established before you do the TLS handshake to the endpoint. Depending on what kind of proxy this is you might need to use a HTTP CONNECT method for this or might need to use the SOCKS protocol or whatever your proxy requires. In case of ZScaler this is likely the HTTP CONNECT method but you need to make sure that the connection to the target IP and port is actually allowed by the security policy.
Once you've established the tunnel to the endpoint using the proxy you can just build the SSL socket on top of the TCP socket for the tunnel. Just do the usual SSL setup (i.e. SSL_new etc) and then associate the SSL object with the existing socket using SSL_set_fd. Then proceed as usual with the handshake, i.e. SSL_connect or similar.
Can we make an OS call to determine the IP/socket for the Tunnel with Local Proxy configuration?
I don't know but Winsock use system proxy settings might answer this part.
If one user in our client's office opens a socket to our server via their proxy, will a 2nd user be unable to connect from their office because they're bottlenecked at single proxy socket?
This should not be a problem. It is perfectly normal to have multiple connections through the proxy.
i was reading this topic
http://ftp.icm.edu.pl/packages/socks/socks4/SOCKS4.protocol
and what im trying to do is:
i have a client/server application, what im trying to do is to use socks 4 BIND request to bind my server to a remote socks server, and make the clients connect to that socks server and the socks server will make them connect to my server (at least thats how i understand socks BIND request)
but i don't fully understand it (my English is kinda bad), what im asking is, is it possible to do so when i dunno any of the remote IPs of the clients? since the server's BIND request package must contain the address of the remote client and i dont really have than since the clients are from unknown users retrieving status info from my server (or can i use 0 for INANY_ADDR) ?
What you are asking for is not possible with SOCKS, nor is it meant for that purpose. Read the spec again more carefully. The BIND command is meant for use with multi-connection protocols (like FTP), where a primary connection is used to communicate between a client and a server, and BIND facilitates situations where the server needs to connect a secondary connection to the client after the client tells the server where to connect. In that situation, the client would issue a BIND command to SOCKS telling it the server's IP/Port so it only accepts that connection, then send the resulting SOCKS listening IP/Port to the server to connect to.
What you are asking for is better served by using a router with Port Forwarding rules defined. Then you can open a listening port on the router that accepts any inbound connection and forwards it to your app's listening IP/Port. Most modern routers support uPNP (Universal Plug-N-Play) so you can configure the forwarding rules programmably instead of requiring admin access to the router's configuration software.
I am working on a dropbox like system and I am wondering how the client gets notified when the files change on the server side. It is my impression that both dropbox and ubuntu one operate over HTTP ports and work as follows:
1. if files change on client machine, inotify detects it and preforms a push from the client to the server. (I get this part)
2. if files change on the server a simple unsolicited notification (just a message saying "time to sync") is sent from the server to the client. Then the client initiates a sync to the server.
I dont really care which language I do this in. I am just wondering how the client gets contacted. Specifically, what if a client is behind a firewall with its own local IP addresses. How does the server locate it?
Also, what kind of messaging protocols would be used to do something like this? I was planning on doing this over HTTP or SSH, but I have no attachment do that.
I'm not sure what Dropbox is using, but it could be websockets (unlikely, it's a pretty new and not widely deployed thing) or more likely a pending Ajax request from the client to the server -- to which the server only responds when it has new stuff for the client. The latter is the common way to implement (well, OK -- "hack";-) some form of "server push" with HTTP.
It took a little research into networking to see how this would work, but it is far more trivial then I expected. I am now using standard Java sockets for this. Start up the server process which listens for a socket connection. Then start up the client which connects to the server.
Once the connection is made, messages can be sent back and fourth. This works through NAT (network address translation) which is standard method for routing packets on private networks behind a firewall.
I am trying to use gmail's SMTP server smtp.gmail.com to send mails using C in Windows. I am able to connect to port 587 of the server, however the server responds by saying that STARTTLS/TLS is needed. Is there any Windows API call for starting a TLS connection ?
Should I even consider writing this application in C or use Python ?
Edit: Has anyone been able to send a mail by connecting to smtp.gmail.com using Telnet ? What I got was
220 mx.google.com ESMTP g4sm73428740wae.2
HELO hello
502 5.5.1 Unrecognized command. g4sm73428740wae.2
HELO hello.hello
250 mx.google.com at your service
MAIL FROM:a#gmail.com
530 5.7.0 Must issue a STARTTLS command first. g4sm73428740wae.2
STARTTLS
220 2.0.0 Ready to start TLS
MAIL FROM:a#gmail.com
and the connection is lost
You are going to need either a .NET wrapper around Microsoft's SmtpClient to create a DLL that can use the .NET features for SSL/TLS support through SMTP or use OpenSSL to handle the connections.
It would probably be beneficial for you to write this in C++. I am not familiar with Python, but I am sure there are libraries such as TLS Lite (Edit: see below, smtplib apparently provides you this functionality too).
Edit: Based on your edit, you have to have a program that knows how to handle the STARTTLS command. GMail requires secure connections and a username/password by default on all SMTP connections. You can connect to port 25, but you'll have to switch to the secure port after the initial connection. This is why, when you go to http://mail.google.com, it automatically switches to https connection. There was a whole big discussion about this on the Internet some time ago..
If you do not want to use OpenSSL or other third-party SSL/TLS library, then you can use Microsoft's own SSPI/SChannel APIs instead. It can be used on top of a socket, where the socket handles the low-level input/output of bytes, and you pass the bytes in/out of SSPI/SChannel functions for processing.
If you choose to write it in C then you will need a library like GNU SASL, which enables secure SMTP authentication. If you opt for C++ as was previously suggested then I would look at VMime, which is a free C++ library that uses GSASL. There is an example on the site that shows how to connect to GMail.
I am trying to send mail from a local iis app using localhost as my smtp server after installing free smtp but I am getting the following error:
Mailbox unavailable. The server response was: Invalid
recipient: 'validAddress'#hotmail.com
Any idea what the problem could be?
it sounds like your free (3rd party) smtp app is not leaving your network and might be trying to see if it has that mailbox itself. Try and see if there is a setting to allow the smtp server to access external connections, etc. What is the name of the free smtp app, btw?
Alternatively, can u use the built in SMTP mail provider, built into iis? do you know how to use that, instead of this 3rd party app.
It looks more like the SMTP service needs to be configured to "Relay" email... Usually this involves telling it what YOUR mail domain is, and then any mail destin for a domain other than it's own will cause it to go out to the world, and try to relay the message to the real server.
But, be careful! This is how spammers exploit email servers. They look for SMTP listeners that will relay for them. You want to make sure yours will only accept relay mail from "localhost", or whatever machine will be connecting to it to do the sending.
A more secure way is to block port 25 inbound at your firewall to this box, so this SMTP server is not visible to the outside world.
Write and test a simple smtp sender in C. It needs 3 minutes with RFC
Use Wireshark to see what comes on the wire between your application and the SMTP server.