Topic "FTP TLS Explicit Encryption Problem"

Author Message
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
I've spent many days trying to resolve this with info from documentation, forums, google at large. I signed up to post my issue downloading a file via FTPS w Explicit TLS Encryption (Data and Control) and encountered an unexpected different issue.


Successful Connection via CoreFTP GUI, directories/files are visible:

Code:
Welcome to Core FTP, release ver 2.2, build 1796 (x64) -- © 2003-2014
WinSock 2.0
Mem -- 8,388,152 KB, Virt -- 137,438,953,344 KB
Started on Wednesday April 30, 2014 at 16:42:PM
Resolving [DNS]... 
Connect socket #820 to [IP], port [PORT]...
220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430164302 
AUTH TLS 
234 Command OK. 
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
USER [USERNAME] 
331 Password required. 
PASS ********** 
230 Login successful. 
SYST 
502 SYST command not implemented. 
Keep alive off...
PWD 
257 "/" is current directory 
PBSZ 0 
200 Command OK. 
PROT P 
200 Command OK. 
PASV 
227 Entering Passive Mode ([IP]) 
LIST 
Connect socket #864 to [IP], port [PORT]...
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
150 Opening ASCII mode data connection. 
226 Transfer complete. 
Transferred 207 bytes in 0.011 seconds 
CWD /archive 
250 CWD command successful. 
PASV 
227 Entering Passive Mode ([IP]) 
LIST 
Connect socket #884 to [IP], port [PORT]...
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
150 Opening ASCII mode data connection. 
226 Transfer complete. 
Transferred 840 bytes in 0.017 seconds 
QUIT 
221 Goodbye. 

Successful Connection via FileZilla GUI directories/files visible:

Code:
FileZilla

16:45:52   Status:   Resolving address of [SITE]
16:45:52   Status:   Connecting to [IP:PORT]...
16:45:52   Status:   Connection established, waiting for welcome message...
16:45:52   Response:   220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430164551
16:45:52   Command:   AUTH TLS
16:45:52   Response:   234 Command OK.
16:45:52   Status:   Initializing TLS...
16:45:52   Status:   Verifying certificate...
16:45:52   Command:   USER [USERNAME]
16:45:52   Status:   TLS/SSL connection established.
16:45:52   Response:   331 Password required.
16:45:52   Command:   PASS **********
16:45:52   Response:   230 Login successful.
16:45:52   Command:   PBSZ 0
16:45:52   Response:   200 Command OK.
16:45:52   Command:   PROT P
16:45:52   Response:   200 Command OK.
16:45:52   Status:   Connected
16:45:52   Status:   Retrieving directory listing...
16:45:52   Command:   CWD /archive
16:45:52   Response:   250 CWD command successful.
16:45:52   Command:   TYPE I
16:45:52   Response:   200 Type set to I.
16:45:52   Command:   PASV
16:45:53   Response:   227 Entering Passive Mode ([IP])
16:45:53   Command:   LIST
16:45:53   Response:   150 Opening BINARY mode data connection.
16:45:53   Response:   226 Transfer complete.
16:45:53   Status:   Directory listing successful


Connection successfully made but directories/files unavailable in GUI

Code:
--------------------------------------------------------------------------
WinSCP Version 5.5.3 (Build 4214) (OS 6.3.9600 - Windows Server 2012 R2 Standard)
Time zone: Current: GMT-4, Standard: GMT-5 (Eastern Standard Time), DST: GMT-4 (Eastern Daylight Time), DST Start: 3/9/2014, DST End: 11/2/2014
Login time: Wednesday, April 30, 2014 5:36:41 PM
--------------------------------------------------------------------------
Session name: [NAME] (Modified site)
Host name: [SITE] (Port: [PORT])
User name: [USER] (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
Send buffer: 262144
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
Session reuse: Yes
TLS/SSL versions: SSLv3-TLSv1.2
Local directory: default, Remote directory: /inbox/, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1; Timezone offset: 0h 0m
--------------------------------------------------------------------------
Connecting to [SITE:PORT] ...
Connected with [SITE:PORT], negotiating TLS connection...
220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430173641
AUTH TLS
234 Command OK.
Verifying certificate for "[SITE]" with fingerprint [FINGERPRINT]
Certificate for "DB" matches cached fingerprint
Using TLSv1, cipher TLSv1/SSLv3: DHE-RSA-AES256-SHA, 1024 bit RSA
TLS connection established. Waiting for welcome message...
USER [USER]
331 Password required.
PASS ***************
230 Login successful.
SYST
502 SYST command not implemented.
FEAT
550 Syntax error
PBSZ 0
200 Command OK.
PROT P
200 Command OK.
Connected
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/" is current directory
Changing directory to "/inbox/".
CWD /inbox/
250 CWD command successful.
Getting current directory name.
PWD
257 "/inbox" is current directory
Retrieving directory listing...
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (160,83,77,211,240,124)
LIST -a
552 Syntax error.
Could not retrieve directory listing
LIST with -a failed, walling back to pure LIST
Retrieving directory listing...
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (160,83,77,211,240,125)
LIST
150 Opening ASCII mode data connection.
TLS connection established
-r-------- [USER]     [SIZE] [DATE] [FILE]
226 Transfer complete.
Directory listing successful
..;D;0;1899-12-30T05:00:00.000Z;"" [0];"" [0];---------;0
Startup conversation with host finished.


I was pretty amazed to see the log actually list the directories/files, however I still can't 1) see them in the GUI 2) GET them.

Thanks, I hope I've provided enough information.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
Thanks for your log.

Can you please share an actual (not obfuscated) listing?
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
prikryl wrote:
Thanks for your log.

Can you please share an actual (not obfuscated) listing?


Thank you for the follow up.

Do you need me to share the non-obfuscated listing publicly?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
donoho wrote:
Do you need me to share the non-obfuscated listing publicly?

You can mark attached log as private.
_________________
Martin Prikryl
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
prikryl wrote:
donoho wrote:
Do you need me to share the non-obfuscated listing publicly?

You can mark attached log as private.


Thanks. Will do.
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
prikryl wrote:
donoho wrote:
Do you need me to share the non-obfuscated listing publicly?

You can mark attached log as private.


Logs attached, thanks.
ftp_logs.txt (5.57 KB) Private file

Description: (none)

martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
WinSCP does not support format of directory listing used by your server. Particularly because of the number between DB2FL and [USER]. More importantly your server does not support MLSD command that produce standardized listing (as opposite to an obsolete LIST command).
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
prikryl wrote:
WinSCP does not support format of directory listing used by your server. Particularly because of the number between DB2FL and [USER]. More importantly your server does not support MLSD command that produce standardized listing (as opposite to an obsolete LIST command).


Thank you for taking the time to review, it's greatly appreciated.

This is an external server I connect to with no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24555
Location: Prague, Czechia
donoho wrote:
This is an external server I connect to with no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?

That's unfortunately true.
_________________
Martin Prikryl
donoho
[View user's profile]

Joined: 2014-04-30
Posts: 6
prikryl wrote:
donoho wrote:
This is an external server I connect to with no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?

That's unfortunately true.


Again, Thank you for taking the time to look into this.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License