WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

Advertisement

moctey
Joined:
Posts:
2

WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

I am receiving this error now:

WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

Looks like it came after a change of fingerprint or more on the server.

What can I do? my algorithm parameter is "MD5"

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,710
Location:
Prague, Czechia

Re: WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

What server is that? SFTP or FTPS? Or other? Please attach a full session log file showing the problem (using the latest version of WinSCP).

To generate the session log file, set Session.SessionLogPath. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.

Reply with quote

moctey
Joined:
Posts:
2

Log

I am using the .NET API

Here is the relevant part of the log:

. 2020-05-29 12:28:35.246 Connecting to ftp.xxxx.com:6200 ...
. 2020-05-29 12:28:35.266 Connected with ftp.xxxx.com:6200, negotiating TLS connection...
< 2020-05-29 12:28:35.281 220 xxxFTP Server
> 2020-05-29 12:28:35.281 AUTH TLS
< 2020-05-29 12:28:35.299 234 Using authentication type TLS
. 2020-05-29 12:28:35.458 Verifying certificate for "xxxx" with fingerprint xxxx and 18 failures
. 2020-05-29 12:28:35.458 Certificate common name "ftp.xxxxx.com" matches hostname
. 2020-05-29 12:28:35.459 Using TLSv1.2, cipher TLSv1.2: AES256-GCM-SHA384, 4096 bit RSA, AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2020-05-29 12:28:35.459 TLS connection established. Waiting for welcome message...
< 2020-05-29 12:28:35.490 230 Logged on
> 2020-05-29 12:28:35.490 SYST
< 2020-05-29 12:28:35.505 215 UNIX emulated by FileZilla
> 2020-05-29 12:28:35.505 FEAT
< 2020-05-29 12:28:35.521 211-Features:
< 2020-05-29 12:28:35.521  MDTM
< 2020-05-29 12:28:35.521  REST STREAM
< 2020-05-29 12:28:35.521  SIZE
< 2020-05-29 12:28:35.521  MLST type*;size*;modify*;
< 2020-05-29 12:28:35.521  MLSD
< 2020-05-29 12:28:35.521  AUTH SSL
< 2020-05-29 12:28:35.521  AUTH TLS
< 2020-05-29 12:28:35.521  PROT
< 2020-05-29 12:28:35.521  PBSZ
< 2020-05-29 12:28:35.521  UTF8
< 2020-05-29 12:28:35.521  CLNT
< 2020-05-29 12:28:35.521  MFMT
< 2020-05-29 12:28:35.521  EPSV
< 2020-05-29 12:28:35.521  EPRT
< 2020-05-29 12:28:35.521 211 End
> 2020-05-29 12:28:35.522 CLNT WinSCP-release-5.17.5
< 2020-05-29 12:28:35.537 200 Don't care
> 2020-05-29 12:28:35.537 OPTS UTF8 ON
< 2020-05-29 12:28:35.554 202 UTF8 mode is always enabled. No need to send this command.
> 2020-05-29 12:28:35.554 PBSZ 0
< 2020-05-29 12:28:35.570 200 PBSZ=0
> 2020-05-29 12:28:35.570 PROT P
< 2020-05-29 12:28:35.585 200 Protection level set to P
. 2020-05-29 12:28:35.586 Connected
. 2020-05-29 12:28:35.586 --------------------------------------------------------------------------
. 2020-05-29 12:28:35.586 Using FTP protocol.
. 2020-05-29 12:28:35.586 Doing startup conversation with host.
> 2020-05-29 12:28:35.586 PWD
< 2020-05-29 12:28:35.603 257 "/" is current directory.
. 2020-05-29 12:28:35.603 Getting current directory name.
. 2020-05-29 12:28:35.603 Startup conversation with host finished.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
33,710
Location:
Prague, Czechia

Re: Log

FileZilla server does not support any checksum calculation command by default.
You can enable HASH command by editing FileZilla Server.xml:
<Item name="Enable HASH" type="numeric">1</Item>

Reply with quote

Guest

WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

not sure what is the link with scanFingerprint?

Anyway I found out that I needed to use "SHA-1" instead of "MD5". Probably linked to a change of certificate on the thirdparty server

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,710
Location:
Prague, Czechia

Re: WinSCP.SessionLocalException: 'Fingerprint for algorithm MD5 not supported'

Sorry, you are right. I've misunderstood your question.
The change is due to this bug fix from 5.17.3:
Bug fix: SHA-1 fingerprint of TLS/SSL certificate was incorrectly presented as MD5 by Session.ScanFingerprint.
https://winscp.net/eng/docs/history?a=5.17.3

Reply with quote

Advertisement

You can post new topics in this forum