Topic "FTP over explicit TLS/SSL ?"

Author Message
guest

Guest


Do you have any plans to add this protocol to the program. I would really like to use the sync feature, but I need it to work with my server.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
It is on TODO list already. But I cannot tell when it will be implemented.
_________________
Martin Prikryl
Guest




prikryl wrote:
It is on TODO list already. But I cannot tell when it will be implemented.

Thank you for considering this feature! I hope it will be soon!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
This issue has been added to tracker.
_________________
Martin Prikryl
BijuGC
[View user's profile]

Joined: 2005-01-29
Posts: 8
@Topic FTPS
prikryl wrote:
~Biju wrote:
http://en.wikipedia.org/wiki/Comparison_of_FTP_clients
say FileZilla have FTPS (FTP over SSL) and secure-FTP (FTP over SSH)

So why cant we borrow it, just like we did for FTP

Sure, we can. It just means to integrate OpenSSL into WinSCP. Which means bloat of binary size Sad
Why not consider a plugin style architecture for WinSCP, with a strip down stand alone exe file. And the install version should come with other protocol like FTP, FTPS, WebDAV.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
BijuGC wrote:
Why not consider a plugin style architecture for WinSCP, with a strip down stand alone exe file. And the install version should come with other protocol like FTP, FTPS, WebDAV.

I have thought about it too. But I like the fact WinSCP is just a single file that works as is.
Guest




Can you please give us an update on this feature?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Quote:
Can you please give us an update on this feature?

Sorry, nothing new.
_________________
Martin Prikryl
LonelyPixel

Guest


Hi,
I just upgraded from 3.8 to 4.0.7 as I found out that it supports FTP, too, now. This is great because the FTP client I used before always nagged me with a "License reminder" and expired from time to time forcing me to an upgrade. Wink Sadly WinSCP doesn't support FTP/SSL yet which keeps me from recommending it to my clients as FTP client. I already do recommend it as SFTP client though.

You say OpenSSL would bloat the binary. By how much? My 3.8 binary is 1.2 MB, the 4.0.7 binary is 4.8 MB. PHP's OpenSSL DLLs are 1.4 MB. I don't think that would hurt too much considering the current size increase already.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
LonelyPixel wrote:
You say OpenSSL would bloat the binary. By how much? My 3.8 binary is 1.2 MB, the 4.0.7 binary is 4.8 MB. PHP's OpenSSL DLLs are 1.4 MB. I don't think that would hurt too much considering the current size increase already.

EXE size of 3.8 was 4.0 MB. You refer to compressed standalone binary, which is 1.25 MB in 4.1.
_________________
Martin Prikryl
lonelypixel

Guest


Ah, okay, I just looked at what I found on my disk. Right, I had a single binary before and now used the multi-language installer.
Guest




Just checking. Do you have an estimated timeframe as to when this feature will be implemented?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Anonymous wrote:
Just checking. Do you have an estimated timeframe as to when this feature will be implemented?

Not yet.
_________________
Martin Prikryl
Sarma M.N

Guest


Hi,

I am trying send a file through SFTP to a destination. But they say that I will be able to send out file only if my software has Implicity SSL/SSO Connection enabled.

I am using WinSCP and please help me how can I send out the file. Your prompt response would be greatly appreciated.

Thanks in advance.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Sarma M.N wrote:
I am trying send a file through SFTP to a destination. But they say that I will be able to send out file only if my software has Implicity SSL/SSO Connection enabled.

WinSCP does not support SSL at all.
_________________
Martin Prikryl
Guest




Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Quote:
Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?

No. But I have raised its priority.
_________________
Martin Prikryl
Guest




prikryl wrote:
Quote:
Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?

No. But I have raised its priority.


Thank you!
Nina

Guest


Hello Martin,
thanks for your great work!

I would really like to see this feature in WinSCP!

I have to use FileZilla for some of my projects, but I don't like it half as much as your program.

PS: I would also appreciate a Linux version. Wink
Guest




what do you suggest best ftps client since winscp doesn't even support ftps becuase size will inceased?
Better a client with more protocol supports that some MO more size.
Guest

Guest


I was just wondering if you made any progress on implementing FTP over SSL (explicit) in WinSCP?

I really like your tool, but this is required in my environment so it would be great to have.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Guest wrote:
I was just wondering if you made any progress on implementing FTP over SSL (explicit) in WinSCP?

Not yet.
_________________
Martin Prikryl
Schnulla

Guest


I also really need this feature because the
only secure transfer on Hosteurope Webpacks
is via "FTP over explicit TLS" Sad
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
It is implemented already.
_________________
Martin Prikryl
Schnulla

Guest


wooooohaaaaaaaaa man you are the best!!! Very Happy

BIG THANKS!! Very Happy
Schnulla

Guest


Is there already a binary snapshot available to download? Smile

Thx!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Schnulla wrote:
Is there already a binary snapshot available to download? Smile

Not yet.
_________________
Martin Prikryl
Guest




Do you have an estimated time as to when the new version with this feature will be released?

Thank you for implementing the feature!!!!!!!!!!!!!!!!!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Anonymous wrote:
Do you have an estimated time as to when the new version with this feature will be released?

Not yet. Month, two or three... Smile
_________________
Martin Prikryl
cruisen

Guest


Thank you. I am also waiting to use winscp for ftp over TLS!
R00st3r

Guest


I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
R00st3r wrote:
I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?

One or two months I hope. But I cannot promise that.
_________________
Martin Prikryl
spig

Guest


prikryl wrote:
R00st3r wrote:
I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?

One or two months I hope. But I cannot promise that.


Any news on this yet? It's been a long time, and there's plenty of people looking for FTPS support. Even a beta would be useful!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
spig wrote:
Any news on this yet? It's been a long time, and there's plenty of people looking for FTPS support. Even a beta would be useful!

Beta will be out within a month.
_________________
Martin Prikryl
Christian W.

Guest


Now this feature request is older than 1 year and the community is waiting for it.
I just want to say, here are more people waiting for that than the preveous speaker.
You have my support!
chemmix

Guest


I'm waiting too
Schnulla
[View user's profile]

Joined: 2009-02-02
Posts: 16
First I want to say thanks for
implementing this in v.4.2.1! Very Happy

It works fine here!

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks Smile

(I ask this because in SmartFTP it is
possible to secure the file transfer
and the login process separately).
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Schnulla wrote:
Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks Smile

Both. I have updated documentation to cover that.
_________________
Martin Prikryl
Schnulla
[View user's profile]

Joined: 2009-02-02
Posts: 16
prikryl wrote:
Schnulla wrote:
Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks Smile

Both. I have updated documentation to cover that.


Good to know, thanks!
Vincenzo

Guest


Hello,

I've just a simple question, because I didn't reach to find this information on the WinSCP website.
Is there a way to use scripts with this new functionnality on the protocol FTP with SSL/TLS ?
If yes what's the correct parameter to use / specify ?

Thanks for you job,

Best regards
Vincenzo
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Vincenzo wrote:
I've just a simple question, because I didn't reach to find this information on the WinSCP website.
Is there a way to use scripts with this new functionnality on the protocol FTP with SSL/TLS ?
If yes what's the correct parameter to use / specify ?

Not yet. This request is being tracked already.

Yet this FAQ will show you workaround.
_________________
Martin Prikryl
Ben White

Guest


I am trying to use FTP with TLS Explicit encryption to a proftpd server.
I am getting the following error from WinSCP
Code:
Retrieving directory listing...
TYPE A
200 Type set to A
PORT 192,168,1,7,16,69
200 PORT command successful
LIST
150 Opening ASCII mode data connection for file list
SSL connection established
425 Unable to build data connection: Operation not permitted
Could not retrieve directory listing


Here is the error log from the proftpd server
Code:

May 01 18:45:20 mod_tls/2.3[2419]: starting TLS negotiation on data connection
May 01 18:45:21 mod_tls/2.3[2419]: did NOT reuse SSL session for data connection
May 01 18:45:21 mod_tls/2.3[2419]: Client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)
May 01 18:45:22 mod_tls/2.3[2419]: unable to open data connection: TLS negotiation failed


Is there a setting that forces WinSCP to reuse the same SSL session?
Any ideas how I can fix this?
I really don't want to use FileZilla
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
WinSCP cannot reuse the SSL session. You may remove the requirement on the server-side as workaround.
_________________
Martin Prikryl
ken_f_ca

Guest


When will 4.2 move from Beta to Production? We're not allowed to inplement Beta code in our enviroment.

Thank-you for all your efforts adding this feature.

Ken

Schnulla wrote:
First I want to say thanks for
implementing this in v.4.2.1! :D

It works fine here!

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks :)

(I ask this because in SmartFTP it is
possible to secure the file transfer
and the login process separately).
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
ken_f_ca wrote:
When will 4.2 move from Beta to Production? We're not allowed to inplement Beta code in our enviroment.

Sorry, I'm not going to promise any dates.
_________________
Martin Prikryl
Shashank

Guest


HOw to figure out me whether Winscp supports TLS1.1 or TLS1.0 ??
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Shashank wrote:
HOw to figure out me whether Winscp supports TLS1.1 or TLS1.0 ??

TLS 1.0 only atm.
_________________
Martin Prikryl
Guest

Guest


Does WinScp support "FTP over explicit TLS/SSL" FTP protocol. I am using version 4.2.9(build 938)
If yes, how can I use it.
I was looking at the FTP dropdown and it has the following 4:-
1.No Encryption
2.SSL/TLS Implicit encryption
3.SSL explicit encryption
4.TLS explicit encryption

Thanks[/list]
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
You have to know if you need to use TLS or SSL. If you do not know, try TLS first.
_________________
Martin Prikryl
Gues

Guest


Hello
Thanks for the response.
I have tried all the 3 options and it doesn't work.
Thanks
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Are you able to connect with any other FTP client? Do you have anyone to ask, what kind of connection you are supposed to use with that server?
_________________
Martin Prikryl
Guest

Guest


Yes, I can connect with Filezilla and Core FTP LE. Filezilla has the "FTP over explicit TLS/SSL" FTP Protocol.
In Core FTP LE, the setting is:
Connection Type: Auth SSL
SSL Options:- Checked SSL Listing, SSL Transfer, Open SSL
Checked PASV
Thanks
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
So can you post a log file from both Filezilla and WinSCP?
_________________
Martin Prikryl
burger

Guest


prikryl wrote:
So can you post a log file from both Filezilla and WinSCP?


I'm a different person than the OP trying to get FTPES FTP over explicit TLS/SLL working, but here are my logs.

I tried WinSCP with both Explicit TLS and Explicit SSL, no luck.. here are the logs

I really wanted to use WinSCP to automate.. but it looks like it won't work.

Hopefully this will help you add this feature..


******** Explicit SSL

. 2011-02-17 10:10:44.570 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.570 WinSCP Version 4.3.1 (Build 1099) (OS 6.1.7600)
. 2011-02-17 10:10:44.570 Login time: Thursday, February 17, 2011 10:10:44 AM
. 2011-02-17 10:10:44.570 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.570 Session name: me@somewhere.net_ssl_ex
. 2011-02-17 10:10:44.570 Host name: ftp.myhost.net (Port: 21)
. 2011-02-17 10:10:44.571 User name: myusername(Password: Yes, Key file: No)
. 2011-02-17 10:10:44.571 Tunnel: No
. 2011-02-17 10:10:44.571 Transfer Protocol: FTP
. 2011-02-17 10:10:44.571 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2011-02-17 10:10:44.571 Proxy: none
. 2011-02-17 10:10:44.571 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: No]
. 2011-02-17 10:10:44.571 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-02-17 10:10:44.571 Cache directory changes: Yes, Permanent: Yes
. 2011-02-17 10:10:44.571 DST mode: 1
. 2011-02-17 10:10:44.571 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.609 Connecting to ftp.myhost.net ...
. 2011-02-17 10:10:44.609 m_pSslLayer changed state from 0 to 1
. 2011-02-17 10:10:44.609 m_pSslLayer changed state from 1 to 2
. 2011-02-17 10:10:44.626 m_pSslLayer changed state from 2 to 4
. 2011-02-17 10:10:44.628 Connected with ftp.myhost.net, negotiating SSL connection...
< 2011-02-17 10:10:44.662 220 Microsoft FTP Service
> 2011-02-17 10:10:44.662 AUTH SSL
< 2011-02-17 10:10:44.696 234 AUTH command ok. Expecting TLS Negotiation.
. 2011-02-17 10:10:44.928 SSL_connect: error in SSLv3 read server hello B
. 2011-02-17 10:10:44.928 Can't establish SSL connection
. 2011-02-17 10:10:44.928 Disconnected from server
. 2011-02-17 10:10:44.929 Connection failed.
. 2011-02-17 10:10:44.929 Got reply 1004 to the command 1
* 2011-02-17 10:10:44.936 (ESshFatal) Connection failed.
* 2011-02-17 10:10:44.937 SSL_connect: error in SSLv3 read server hello B
* 2011-02-17 10:10:44.937 Can't establish SSL connection
* 2011-02-17 10:10:44.937 Disconnected from server
* 2011-02-17 10:10:44.937 Connection failed.
* 2011-02-17 10:10:44.937 AUTH command ok. Expecting TLS Negotiation.

******** Explicit TLS

. 2011-02-17 10:10:54.065 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.066 WinSCP Version 4.3.1 (Build 1099) (OS 6.1.7600)
. 2011-02-17 10:10:54.066 Login time: Thursday, February 17, 2011 10:10:54 AM
. 2011-02-17 10:10:54.066 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.066 Session name: me@ftp.myhost.net_tls_exp
. 2011-02-17 10:10:54.066 Host name: ftp.myhost.net (Port: 21)
. 2011-02-17 10:10:54.066 User name: myusername(Password: Yes, Key file: No)
. 2011-02-17 10:10:54.066 Tunnel: No
. 2011-02-17 10:10:54.066 Transfer Protocol: FTP
. 2011-02-17 10:10:54.066 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2011-02-17 10:10:54.066 Proxy: none
. 2011-02-17 10:10:54.066 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2011-02-17 10:10:54.066 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-02-17 10:10:54.066 Cache directory changes: Yes, Permanent: Yes
. 2011-02-17 10:10:54.066 DST mode: 1
. 2011-02-17 10:10:54.066 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.091 Connecting to ftp.myhost.net ...
. 2011-02-17 10:10:54.091 m_pSslLayer changed state from 0 to 1
. 2011-02-17 10:10:54.091 m_pSslLayer changed state from 1 to 2
. 2011-02-17 10:10:54.103 m_pSslLayer changed state from 2 to 4
. 2011-02-17 10:10:54.105 Connected with ftp.myhost.net, negotiating SSL connection...
< 2011-02-17 10:10:54.137 220 Microsoft FTP Service
> 2011-02-17 10:10:54.137 AUTH TLS
< 2011-02-17 10:10:54.172 234 AUTH command ok. Expecting TLS Negotiation.
. 2011-02-17 10:10:54.210 SSL_connect: error in SSLv3 read server hello B
. 2011-02-17 10:10:54.210 Can't establish SSL connection
. 2011-02-17 10:10:54.210 Disconnected from server
. 2011-02-17 10:10:54.210 Connection failed.
. 2011-02-17 10:10:54.210 Got reply 1004 to the command 1
* 2011-02-17 10:10:54.218 (ESshFatal) Connection failed.
* 2011-02-17 10:10:54.218 SSL_connect: error in SSLv3 read server hello B
* 2011-02-17 10:10:54.218 Can't establish SSL connection
* 2011-02-17 10:10:54.218 Disconnected from server
* 2011-02-17 10:10:54.218 Connection failed.
* 2011-02-17 10:10:54.218 AUTH command ok. Expecting TLS Negotiation.


********** Filezilla

Status: Resolving address of ftp.myhost.net
Status: Connecting to x.x.x.x:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 Microsoft FTP Service
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: Handshake successful
Trace: Cipher: AES-128-CBC, MAC: SHA1
Status: Verifying certificate...
Trace: CFtpControlSocket::SendNextCommand()
Command: USER myusername
Status: TLS/SSL connection established.
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 331 Password required for myusername.
Trace: CFtpControlSocket::SendNextCommand()
Command: PASS *********
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 230 User logged in.
Trace: CFtpControlSocket::SendNextCommand()
Command: SYST
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 215 Windows_NT
Trace: CFtpControlSocket::SendNextCommand()
Command: FEAT
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 211-Extended features supported:
Response: LANG EN*
Response: UTF8
Response: AUTH TLS;TLS-C;SSL;TLS-P;
Response: PBSZ
Response: PROT C;P;
Response: CCC
Response: HOST
Response: SIZE
Response: MDTM
Response: 211 END
Trace: CFtpControlSocket::SendNextCommand()
Command: OPTS UTF8 ON
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace: CFtpControlSocket::SendNextCommand()
Command: PBSZ 0
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 PBSZ command successful.
Trace: CFtpControlSocket::SendNextCommand()
Command: PROT P
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 PROT command successful.
Status: Connected
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ChangeDirSend()
Command: PWD
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is current directory.
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 1
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 1
Command: TYPE I
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 Type set to I.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 1
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 2
Command: PASV
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (216,154,194,28,21,27).
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: LIST
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 150 Opening BINARY mode data connection.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 1
Trace: state = 4
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 5
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: Handshake successful
Trace: Session resumed
Trace: Cipher: AES-128-CBC, MAC: SHA1
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::OnRead()
Trace: CTransferSocket::OnReceive(), m_transferMode=0
Trace: CTransferSocket::TransferEnd(1)
Trace: CFtpControlSocket::TransferEnd()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 226 Transfer complete.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 7
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 3
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ListSend()
Trace: state = 4
Status: Calculating timezone offset of server...
Command: MDTM Test.txt
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 213 20110214163927
Trace: CFtpControlSocket::ListParseResponse()
Status: Timezone offsets: Server: -18000 seconds. Local: -21600 seconds. Difference: -3600 seconds.
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Status: Directory listing successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)


***** Core FTP Pro

WinSock 2.0
Mem -- 4,194,303 KB, Virt -- 2,097,024 KB
Started on Thursday February 17, 2011 at 10:17:AM
Resolving ftp.myhost.net...
Connect socket #948 to 216.154.194.28, port 21...
220 Microsoft FTP Service
AUTH SSL
234 AUTH command ok. Expecting TLS Negotiation.
TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit
USER myusername
331 Password required for myusername.
PASS **********
230 User logged in.
SYST
215 Windows_NT
Keep alive off...
PWD
257 "/" is current directory.
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
PASV
227 Entering Passive Mode (216,154,194,28,21,47).
LIST
Connect socket #1008 to 216.154.194.28, port 5423...
TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit
150 Opening ASCII mode data connection.
226 Transfer complete.
Transferred 49 bytes in 0.011 seconds


**** good luck..
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
burger wrote:
I'm a different person than the OP trying to get FTPES FTP over explicit TLS/SLL working, but here are my logs.

I tried WinSCP with both Explicit TLS and Explicit SSL, no luck.. here are the logs

I really wanted to use WinSCP to automate.. but it looks like it won't work.

Hopefully this will help you add this feature..

Thanks for your post. This issue is being tracked already.
_________________
Martin Prikryl
LALILU

Guest


Hi

I have the same Problem with the Version 4.3.2 (Build 1201).

Here are the LogFiles from WinSCP and FileZilla:


WinSCP:
Code:

--------------------------------------------------------------------------
WinSCP Version 4.3.2 (Build 1201) (OS 5.1.2600 Service Pack 2)
Login time: Mittwoch, 16. Mrz 2011 12:54:50
--------------------------------------------------------------------------
Session name: ************************
Host name: ************** (Port: 21)
User name: *************** (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: Yes]
Local directory: default, Remote directory: home, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1
--------------------------------------------------------------------------
Verbinde mit *************** ...
Verbunden mit *****************, Etabliere SSL Verbindung...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL Verbindung hergestellt. Erwarte die Willkommensnachricht...
USER *************
331 Password required for **************
PASS *************
230 User ************* logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 LANG en-US.UTF-8;en-US*
 MDTM
 MFMT
 TVFS
 AUTH TLS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
Verbunden
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/htdocs" is the current directory
Getting current directory name.
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (************).
LIST -a
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
Konnte Verzeichnisinhalt nicht abrufen
425 Unable to build data connection: Operation not permitted
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (************).
LIST
150 Opening ASCII mode data connection for file list
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
(ECommand) Fehler beim Anzeigen des Verzeichnisses "/htdocs".
Konnte Verzeichnisinhalt nicht abrufen
Unable to build data connection: Operation not permitted
Startup conversation with host finished.



FileZilla:
Code:

Status:   Resolving address of ***************
Status:   Connecting to ************...
Status:   Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:   220 FTP Server ready.
Befehl:   AUTH TLS
Antwort:   234 AUTH TLS successful
Status:   Starte TLS...
Status:   berprfe Zertifikat...
Befehl:   USER **************
Status:   TLS/SSL Verbindung hergestellt-
Antwort:   331 Password required for ************
Befehl:   PASS *************
Antwort:   230 User *********** logged in
Befehl:   SYST
Antwort:   215 UNIX Type: L8
Befehl:   FEAT
Antwort:   211-Features:
Antwort:    LANG en-US.UTF-8;en-US*
Antwort:    MDTM
Antwort:    MFMT
Antwort:    TVFS
Antwort:    AUTH TLS
Antwort:    UTF8
Antwort:    MFF modify;UNIX.group;UNIX.mode;
Antwort:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Antwort:    PBSZ
Antwort:    PROT
Antwort:    REST STREAM
Antwort:    SIZE
Antwort:   211 End
Befehl:   OPTS UTF8 ON
Antwort:   200 UTF8 set to on
Befehl:   PBSZ 0
Antwort:   200 PBSZ 0 successful
Befehl:   PROT P
Antwort:   200 Protection set to Private
Status:   Verbunden
Status:   Empfange Dateilisten...
Befehl:   PWD
Antwort:   257 "/htdocs" is the current directory
Befehl:   TYPE I
Antwort:   200 Type set to I
Befehl:   PASV
Antwort:   227 Entering Passive Mode (*************).
Befehl:   MLSD
Antwort:   150 Opening ASCII mode data connection for MLSD
Antwort:   226 Transfer complete
Status:   Dateiauflistung abgeschlossen
Fehler:   Connection closed by server


Is this a new Bug?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
LALILU wrote:
I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.
_________________
Martin Prikryl
LALILU_

Guest


prikryl wrote:
LALILU wrote:
I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.

Allright. Here the complete Logs.

WinSCP:
Code:

--------------------------------------------------------------------------
WinSCP Version 4.3.2 (Build 1201) (OS 5.1.2600 Service Pack 2)
Login time: Montag, 21. M�rz 2011 15:08:07
--------------------------------------------------------------------------
Session name: HostServer/...
Host name: ... (Port: 21)
User name: ... (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: Yes]
Local directory: default, Remote directory: home, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1
--------------------------------------------------------------------------
Verbinde mit ... ...
Verbunden mit ..., Etabliere SSL Verbindung...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL Verbindung hergestellt. Erwarte die Willkommensnachricht...
USER myusername
331 Password required for ...
PASS *************
230 User myusername logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 LANG en-US.UTF-8;en-US*
 MDTM
 MFMT
 TVFS
 AUTH TLS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
Verbunden
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/htdocs" is the current directory
Getting current directory name.
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST -a
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
(ECommand) Fehler beim Anzeigen des Verzeichnisses "/htdocs".
Konnte Verzeichnisinhalt nicht abrufen
Unable to build data connection: Operation not permitted
Startup conversation with host finished.


FileZilla:
Code:

Status:   Resolving address of ...
Status:   Connecting to ...
Status:   Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:   220 FTP Server ready.
Befehl:   AUTH TLS
Antwort:   234 AUTH TLS successful
Status:   Starte TLS...
Status:   �berpr�fe Zertifikat...
Befehl:   USER myusername
Status:   TLS/SSL Verbindung hergestellt-
Antwort:   331 Password required for ...
Befehl:   PASS *************
Antwort:   230 User myusername logged in
Befehl:   SYST
Antwort:   215 UNIX Type: L8
Befehl:   FEAT
Antwort:   211-Features:
Antwort:    LANG en-US.UTF-8;en-US*
Antwort:    MDTM
Antwort:    MFMT
Antwort:    TVFS
Antwort:    AUTH TLS
Antwort:    UTF8
Antwort:    MFF modify;UNIX.group;UNIX.mode;
Antwort:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Antwort:    PBSZ
Antwort:    PROT
Antwort:    REST STREAM
Antwort:    SIZE
Antwort:   211 End
Befehl:   OPTS UTF8 ON
Antwort:   200 UTF8 set to on
Befehl:   PBSZ 0
Antwort:   200 PBSZ 0 successful
Befehl:   PROT P
Antwort:   200 Protection set to Private
Status:   Verbunden
Status:   Empfange Dateilisten...
Befehl:   PWD
Antwort:   257 "/htdocs" is the current directory
Befehl:   TYPE I
Antwort:   200 Type set to I
Befehl:   PASV
Antwort:   227 Entering Passive Mode (...).
Befehl:   MLSD
Antwort:   150 Opening ASCII mode data connection for MLSD
Antwort:   226 Transfer complete
Status:   Dateiauflistung abgeschlossen
Guest




prikryl wrote:
LALILU wrote:
I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.


Damn. Sorry. Here the correct one.

WinSCP:
Code:

--------------------------------------------------------------------------
WinSCP Version 4.3.2 (Build 1201) (OS 5.1.2600 Service Pack 2)
Login time: Montag, 21. M�rz 2011 15:14:25
--------------------------------------------------------------------------
Session name: HostServer/...
Host name: ... (Port: 21)
User name: ... (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: Yes]
Local directory: default, Remote directory: home, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1
--------------------------------------------------------------------------
Verbinde mit ...
Verbunden mit ..., Etabliere SSL Verbindung...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL Verbindung hergestellt. Erwarte die Willkommensnachricht...
USER ...
331 Password required for ...
PASS *************
230 User  ... logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 LANG en-US.UTF-8;en-US*
 MDTM
 MFMT
 TVFS
 AUTH TLS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
Verbunden
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/htdocs" is the current directory
Getting current directory name.
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST -a
150 Opening ASCII mode data connection for file list
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
(ECommand) Fehler beim Anzeigen des Verzeichnisses "/htdocs".
Konnte Verzeichnisinhalt nicht abrufen
Unable to build data connection: Operation not permitted
Startup conversation with host finished.


FileZilla:
Code:

Status:   Resolving address of ...
Status:   Connecting to ......
Status:   Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:   220 FTP Server ready.
Befehl:   AUTH TLS
Antwort:   234 AUTH TLS successful
Status:   Starte TLS...
Status:   �berpr�fe Zertifikat...
Befehl:   USER ...
Status:   TLS/SSL Verbindung hergestellt-
Antwort:   331 Password required for ...
Befehl:   PASS *************
Antwort:   230 User ... logged in
Befehl:   SYST
Antwort:   215 UNIX Type: L8
Befehl:   FEAT
Antwort:   211-Features:
Antwort:    LANG en-US.UTF-8;en-US*
Antwort:    MDTM
Antwort:    MFMT
Antwort:    TVFS
Antwort:    AUTH TLS
Antwort:    UTF8
Antwort:    MFF modify;UNIX.group;UNIX.mode;
Antwort:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Antwort:    PBSZ
Antwort:    PROT
Antwort:    REST STREAM
Antwort:    SIZE
Antwort:   211 End
Befehl:   OPTS UTF8 ON
Antwort:   200 UTF8 set to on
Befehl:   PBSZ 0
Antwort:   200 PBSZ 0 successful
Befehl:   PROT P
Antwort:   200 Protection set to Private
Status:   Verbunden
Status:   Empfange Dateilisten...
Befehl:   PWD
Antwort:   257 "/htdocs" is the current directory
Befehl:   TYPE I
Antwort:   200 Type set to I
Befehl:   PASV
Antwort:   227 Entering Passive Mode (...).
Befehl:   MLSD
Antwort:   150 Opening ASCII mode data connection for MLSD
Antwort:   226 Transfer complete
Status:   Dateiauflistung abgeschlossen
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Thanks. I do not see anything wrong in the log files. May I have a test account on your server?
_________________
Martin Prikryl
LALILU

Guest


prikryl wrote:
Thanks. I do not see anything wrong in the log files. May I have a test account on your server?


Hi Martin,
i sent an email with the testaccount in a pgp encrypted file.

Thanks
Armin
Guest




LALILU wrote:
prikryl wrote:
Thanks. I do not see anything wrong in the log files. May I have a test account on your server?


Hi Martin,
i sent an email with the testaccount in a pgp encrypted file.

Thanks
Armin

Hi Martin,

have you found any solutions with my FTP-Server?

Regards
Armin
LALILU
[View user's profile]
Donor
Joined: 2011-04-01
Posts: 15
Location: Germany
Anonymous wrote:
LALILU wrote:
prikryl wrote:
Thanks. I do not see anything wrong in the log files. May I have a test account on your server?


Hi Martin,
i sent an email with the testaccount in a pgp encrypted file.

Thanks
Armin

Hi Martin,

have you found any solutions with my FTP-Server?

Regards
Armin


Hi Martin,

thanks for your effort. Ill found it on your tracker. Im using your WinSCP a few years and this is the first problem i have with it. Really nice work! Ill do a donation for you soon.

Regards
Armin
war59312
[View user's profile]

Joined: 2010-12-06
Posts: 6
Location: U.S.A
Hey,

Any chance on supporting http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html now?

I know you mentioned above to turn it off server side.

I have and it works as mentioned.

But was hoping it could finally be supported now?

Thanks,

Will
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
war59312 wrote:

I didn't have a luck resolving this yet. Will give it another try soon.
war59312
[View user's profile]

Joined: 2010-12-06
Posts: 6
Location: U.S.A
Nice, thanks for looking into it.

And thanks for unbanning my account. Odd how it bans you if use a bad keyword in your post. Too strong of a spam filter it seems.
amraam

Guest


Hello,

I just wanted to mention that I would need this feature as well. This is the only thing that forces me to use FileZilla (whose interface I don't like) parallely to WinSCP.

So while Chris Evans thinks not many people need FTP over SSL I need it because my webhoster offers no other secure connection methods.
Numirium

Guest


prikryl wrote:
WinSCP cannot reuse the SSL session. You may remove the requirement on the server-side as workaround.


Hi, pls, do you plan to add support for reusing? "Server side workaround" sounds horribly Smile.

In some situations is this workaround impossible and is feel as security flaw by my clients.
LALILU
[View user's profile]
Donor
Joined: 2011-04-01
Posts: 15
Location: Germany
Hi prikryl,

did you had an experience about this problem?

Greets
Armin
Auth

Guest


Hi,I have an email account with 3web.com.two days ago I joeind Bell sympatico. I can receive email on my account but I can not send emails out. I did not start a new email account with sympatico.I like to use 3web.com instead.Would you know the way to make 3web mail on Sympatico.I use Window live mail.Thank you
LALILU
[View user's profile]
Donor
Joined: 2011-04-01
Posts: 15
Location: Germany
Hi Martin,

i´ve still got this problem.

Here are the part from my logfile where i loose the TLS-connection:

Code:

. 2015-08-03 15:32:12.547 Data connection opened
. 2015-08-03 15:32:12.547 Trying reuse main TLS session ID
. 2015-08-03 15:32:12.547 TLS layer changed state from none to connected
. 2015-08-03 15:32:12.573 Session ID reused
. 2015-08-03 15:32:12.573 TLS layer changed state from connected to aborted
. 2015-08-03 15:32:12.573 Disconnected from server
. 2015-08-03 15:32:12.573 Data connection closed
. 2015-08-03 15:32:12.573 Could not retrieve directory listing
. 2015-08-03 15:32:12.573 Got reply 1004 to the command 2
. 2015-08-03 15:32:12.573 Ignoring old TransferEnd message
. 2015-08-03 15:32:12.573 Connection was lost, asking what to do.
. 2015-08-03 15:32:12.573 Asking user:
. 2015-08-03 15:32:12.573 Lost connection. ("Disconnected from server","Could not retrieve directory listing")
* 2015-08-03 15:32:15.408 (ESshFatal) **Lost connection.**
* 2015-08-03 15:32:15.408 Disconnected from server
* 2015-08-03 15:32:15.408 Could not retrieve directory listing


You´ve got any idea?

Regards
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.
LALILU
[View user's profile]
Donor
Joined: 2011-04-01
Posts: 15
Location: Germany
Hi Martin,

now we´ve solved the problem by using the option "TLSOptions NoSessionReuseRequired" at the server-config.

Maybe you can find a workaround for this issue if someone cannot change his configuration on the server.

Regards

prikryl wrote:
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Thanks for this information!
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License