Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

Barakato-sama

Re: 431 Failed to setup secure session.

@codepoet80: Thank you very much ! It works ^^
I was blocked with this since a week.
codepoet80

Re: 431 Failed to setup secure session.

akapl wrote:

Hello, I just changed SSL certificate from SAN certificate to WILDCARD certificate, but now I cannot connect to any of FTPS instances. I'm getting following events in log file.

< 2020-11-30 01:06:33.825 431 Failed to setup secure session.

I had the same problem, and managed to resolve. Posting here for anyone else who encounters this issue.
The root cause is that when changing the cert for your FTPS site it needs to be done in two different places. This happens ANY time you change the cert, even if its just a cert renewal -- it's not just for changing to wildcard certs.

The natural place to update the cert in IIS Manager is by selecting your FTP site on the Connections list on the left, then double clicking FTP SSL Settings. Do this first, change to your new cert, and apply.

Then go up near the top of the Connections and choose your server. Within your server's settings is ANOTHER "FTP SSL Settings" icon. Double click it, and repeat the steps. Make sure the site settings and server settings are the same, then re-try the connection from your client and it will work.
akapl

Re: 431 Failed to setup secure session.

I tried internal FTP client of Multi Commander with same result.

Successful connections was made with previous SAN Let's Encrypt certificate. Old WILDCARD certificate with sha256RSA works too..
martin

Re: 431 Failed to setup secure session.

akapl wrote:

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.

Can be, but I do not know.
What does the log show? I see some successful and some failed connections.
Did you try any other FTPS client?
akapl

Re: 431 Failed to setup secure session.

Hello Martin,
I found that new WILDCARD certificate which I got from customer is using sha384RSA algorithm. I didn't found much relevant informations about algorithms supported by IIS at W2K16 Server, but I think that this can be problem. I compared old SAN certificate, old WILDCARD certificate and new WILDCARD certificate and found only this one significant difference.

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.
martin

Re: 431 Failed to setup secure session.

Can you connect with any other FTP client? Can you post a more verbose log file?
akapl

431 Failed to setup secure session.

Hello, I just changed SSL certificate from SAN certificate to WILDCARD certificate, but now I cannot connect to any of FTPS instances. I'm getting following events in log file.
< 2020-11-30 01:06:33.825 220 
> 2020-11-30 01:06:33.825 AUTH TLS
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
> 2020-11-30 01:06:33.825 AUTH SSL
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
. 2020-11-30 01:06:33.825 Connection failed.
* 2020-11-30 01:06:33.910 (EFatal) Connection failed.
* 2020-11-30 01:06:33.910 Connection failed.
* 2020-11-30 01:06:33.910 Failed to setup secure session.