如何使用 SslStream class 禁用加密?
How do I disable encryption with the SslStream class?
我正在通过 TLS/SSL using the SslStream class. Everything is going fine. However I need to support a command called "CCC" 连接到 FTPS 服务器,这基本上禁用了加密。如果我只是这样做:
SendCommand("CCC");
sslStream.Close();
netStream.Write("...<futher FTP commands>...")
然后FTP服务器用看似垃圾的数据(大约30字节)响应,之后不响应任何命令(超时)。
FTP日志如下:
# Connect()
Status: Connecting to ***:21
Response: 220-IPv6 connections are also welcome on this server.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: FTPS Authentication Successful
Command: USER ***
Response: 331 User *** OK. Password required
Command: PASS ***
Response: 230 OK. Current restricted directory is /
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Text encoding: System.Text.UTF8Encoding
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Command: SYST
Response: 215 UNIX Type: L8
Command: CCC
Response: 200 Control connection unencrypted
Status: The stale data was: ************
如您所见,FTP 服务器发回“200 控制连接未加密”,这意味着命令成功。同样重要的是要注意,响应是以 加密格式 .
发送的
所以我可能需要在禁用加密的同时继续使用 SslStream。禁用加密算法时,可能仍然需要 "block mode" 通信。有人知道我该怎么做吗?
What is the difference between "closing the secure connection" and
dropping it?
"Closing the secure connection" 是指在不关闭底层 TCP 连接的情况下发送 TLS close_notify 警报。 SslStream class, through use of the constructors that take a bool innerStreamOpen argument 支持此功能。通常,当您调用 SslStream.Close() 时,对等方会通过交换 TLS close_notify 消息安全地关闭 TLS 连接,然后底层的 TCP 连接会立即关闭。但是,如果您使用将 leaveInnerStreamOpen 参数设置为 true 的 SslStream 构造函数,则 TCP 连接不会关闭,并且可能会在其上发送进一步的 不安全 数据.例如,
var tcpClient = new TcpClient("127.0.0.1", 9876);
var tcpStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpStream, true);
sslStream.AuthenticateAsClient("127.0.0.1");
sslStream.Write(....); // use the secure connection.
sslStream.Close(); // close the TLS connection: the tcp stream is still viable
tcpStream.Write(...) // use the unsecured TCP connection
tcpStream.Close(); // now the TCP connection is terminated.
现在手动通过 SSL 客户端实施 FTP 似乎相当棘手。就我个人而言,在尝试编写自己的实现之前,我会寻找现有的成熟实现。
FixedSslStream class 对我有用。当您对其调用 Close() 时,它会发送 SSL close_notify 警报!然后就可以继续向基本流发送明文数据了。
我正在通过 TLS/SSL using the SslStream class. Everything is going fine. However I need to support a command called "CCC" 连接到 FTPS 服务器,这基本上禁用了加密。如果我只是这样做:
SendCommand("CCC");
sslStream.Close();
netStream.Write("...<futher FTP commands>...")
然后FTP服务器用看似垃圾的数据(大约30字节)响应,之后不响应任何命令(超时)。
FTP日志如下:
# Connect()
Status: Connecting to ***:21
Response: 220-IPv6 connections are also welcome on this server.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: FTPS Authentication Successful
Command: USER ***
Response: 331 User *** OK. Password required
Command: PASS ***
Response: 230 OK. Current restricted directory is /
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Text encoding: System.Text.UTF8Encoding
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Command: SYST
Response: 215 UNIX Type: L8
Command: CCC
Response: 200 Control connection unencrypted
Status: The stale data was: ************
如您所见,FTP 服务器发回“200 控制连接未加密”,这意味着命令成功。同样重要的是要注意,响应是以 加密格式 .
发送的所以我可能需要在禁用加密的同时继续使用 SslStream。禁用加密算法时,可能仍然需要 "block mode" 通信。有人知道我该怎么做吗?
What is the difference between "closing the secure connection" and dropping it?
"Closing the secure connection" 是指在不关闭底层 TCP 连接的情况下发送 TLS close_notify 警报。 SslStream class, through use of the constructors that take a bool innerStreamOpen argument 支持此功能。通常,当您调用 SslStream.Close() 时,对等方会通过交换 TLS close_notify 消息安全地关闭 TLS 连接,然后底层的 TCP 连接会立即关闭。但是,如果您使用将 leaveInnerStreamOpen 参数设置为 true 的 SslStream 构造函数,则 TCP 连接不会关闭,并且可能会在其上发送进一步的 不安全 数据.例如,
var tcpClient = new TcpClient("127.0.0.1", 9876);
var tcpStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpStream, true);
sslStream.AuthenticateAsClient("127.0.0.1");
sslStream.Write(....); // use the secure connection.
sslStream.Close(); // close the TLS connection: the tcp stream is still viable
tcpStream.Write(...) // use the unsecured TCP connection
tcpStream.Close(); // now the TCP connection is terminated.
现在手动通过 SSL 客户端实施 FTP 似乎相当棘手。就我个人而言,在尝试编写自己的实现之前,我会寻找现有的成熟实现。
FixedSslStream class 对我有用。当您对其调用 Close() 时,它会发送 SSL close_notify 警报!然后就可以继续向基本流发送明文数据了。