Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

2024-03-11

Thanks for your feedback.

Timeruler

2024-03-07 12:10

We can confirm that the solution resolved the issue and we are now running with current version of WinSCP.

Thank you

Timeruler

2024-03-07 08:21

Hello Martin

I've now had a chance to look into the certificate, and the above mentioned link provided some excellent commands to verify the certificate.

And indeed our certificate seems to have an outdated encryption.
Suspect it's because it's an export from a keystore as mentioned in the article.

Running the openssl command (3.x) gave following information (passphrase needed):

openssl pkcs12 -in "x:\xxxx\xxx\XXXXX.pfx" -info -nokeys -nocerts

Info:

PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 1024

When we have time well try to use the info from the article to make a reencryption of the certificate an see if it will work with latest version of WinSCP

Thank you for the help

Guest

Re: error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-04 09:45

I'll get back to you on that.

Looks promising, just got at few issues in other departments I need to take care of :D

Thank you for the suggestion.

Love your product

martin

Re: error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-04

Would you be able to convert your certificate as described here?
cURL OpenSSL error error:0308010C:digital envelope routines::unsupported

Timeruler

Re: error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-04 07:31

I would love to provide you with it, but the CA and Intermediate CA are jus under 8 months old as far as I know.
And as such I don't have access to an expired certificate.

I would be happy to provide you with as much details as possible, but i cannot provide a complete certificate.

martin

Re: error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-02

Don't you have some maybe expired or otherwise invalid certificate of the same type/format that might be able to share with us?

Timeruler

error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-01 12:58

Hello

it's from the danish goverment used to identify company.

OCES3 they are called here in Denmark.
itermediate:
C = DK
O = Den Danske Stat
CN = Den Danske Stat OCES udstedende-CA 1

Root CA:
C = DK
O = Den Danske Stat
CN = Den Danske Stat OCES rod-CA

Don't know if you can use that.

regards,
Lasse

martin

Re: error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-01

Thanks for your report.
How did you get/generate the PFX?

Timeruler

error:0308010C:digital envelope routines::unsupported after upgrade

2024-03-01 07:53

Hello
We have been using WinSCP to connect to FTPS for a couple of years without any issues.

We recently upgrade to new certificate for connection, again without any issues.

But after upgrading WinSCP from version 5.19.6 to 6.3.1 we cannot establish FTPS connection.

We get following error message:

Cannot read certificate "D:\Scripts\XXXXXXXX.pfx".
error:0308010C:digital envelope routines::unsupported

We tried to upgrade OpenSSL to latest version on server, but that didn't have any impact.

We ended up rolling back to version 5.19.6 and everything was running again.