Using TLS with sessionurl

Advertisement

AndersRisager
Joined:
Posts:
2
Location:
Danmark

Using TLS with sessionurl

I am trying to use the the powershell script supplied here which makes it possible to have uploads in parallel. This will boost performance in my scenario by a mile, because i upload about 3000 files.
https://stackoverflow.com/questions/46822798/how-can-i-concurrently-upload-files-using-the-winscpnet-dll

My problem is that the host uses TLS and not sftp, and it seems the sessionurl does not support the tls thumbprint. The fingerprint is only for sftp.

If i connect without the hosts certificate thumbprint, it will give me the error "Peer certificate rejected". I can connect without using tls, but i prefer tls.

Is it possible to execute the batches in some other way than using sessionUrl or can the tls thumbprint be applied in some other way?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Using TLS with sessionurl

TLS/SSL certificate fingerprint can be provided the same way as SSH host key fingerprints.

The next version of WinSCP will even allow you to generate the URL with the fingerprint.
https://winscp.net/tracker/1646

I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

Reply with quote

AndersRisager
Joined:
Posts:
2
Location:
Danmark

Re: Using TLS with sessionurl

Thx for the fast reply. I will be looking forward to the dev version ; )

I tried to add the fingerprint like this, but i gues the syntax is wrong then:
$sessionUrl = "ftpes://[Username]:[Password];fingerprint=sha1-[Thumbprint]@[FtpDomain]"

It gives me this error:
SSH host key fingerprint "sha1-[Thumbprint]" does not match pattern /((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){
15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=)(;((ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))( |-))?(\d+ )?(([0-9a-f]{2}(:|-)){15}[0-9a-f]{2}|[0-9a-zA-Z+/]{43}=))*/

I can se that "sha1" is not part of this list "ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp", but have tried those as well.

I could not fint clues about this problem in the sessionUrl documentation.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Using TLS with sessionurl

Just remove the "sha1-" part. For example:

ftpes://username:password;fingerprint=90:1a:bd:7a:bb:0d:0f:44:3d:bd:f0:2e:c6:4d:bb:b6:f9:58:f5:2d@example.com/

Reply with quote

Advertisement

You can post new topics in this forum