Topic review

tsrCharles

Sorry. Done with WinSCP. Please see my previous reply.
martin

tsrCharles wrote:

I would prefer not to post the connection instructions. (1) for the obvious reason; and (2) it would be more complex than you may be picturing because the certificate is signed by an internal CA, not a public CA, so you would need the CA certificate as well.

Would you be willing to post (just) the host name privately? I do not think the problem is about certificates, so internal CA should not prevent me from testing this.
tsrCharles

Thanks, you can close this ticket

I have it working with FileZilla client so I will not be pursuing WinSCP any further.

Speaking as a friend, I think you have an issue here. WS_FTP and FileZilla worked right out of the box. Literally. I downloaded FileZilla, fired it up, and a transfer ran (TLSv1.2, and with some work on the server end, TLSv1.3). Now it may be that what they are doing is wrong and what you are doing is right, or that what you are doing is better, but if that is the case you need to document what you need in the way of certificates, trust, etc. because it appears to be a non-typical requirement.

Thanks for your consideration.
tsrCharles

Let me try to summarize the way things behave.
            | WinSCP | WS_FTP
------------+--------+--------------
No SSL/TLS  | Works  | Works
------------+--------+--------------
TLS 1.1/1.2 | Fails  | Works
------------+--------+--------------
TLS 1.3     | *      | Not supported

*This is how I am hoping to use WinSCP.
tsrCharles

Thank you for your reply. Sorry for the slow response; one or two things going on :-)

I would prefer not to post the connection instructions. (1) for the obvious reason; and (2) it would be more complex than you may be picturing because the certificate is signed by an internal CA, not a public CA, so you would need the CA certificate as well.

I previously had it limited to 1.1 to 1.3; I just changed that to 1.1 to 1.2 and it fails the same way.

Also, I was not familiar with the terms implicit and explicit TLS. I tested both ways. I think what I am used to is what you call explicit TLS: that is, the connection is established in the clear and then the client sends AUTH TLS (and if the client does not do so, the server prohibits all other commands).

As I indicated I am something of a TLS expert but not at all an expert in Windows certificate management. Where do you expect the CA cert to be installed, and are there any special considerations?
martin

Re: Looking for help with FTPS TLS

Is the server open to the internet? Can we try to connect to it (not login)?

Can you try to limit the TLS version in WinSCP? Like limiting it to 1.2 or 1.1.
https://winscp.net/eng/docs/ui_login_tls
tsrCharles

Server error

I have control of the server so if you want some change there I may be able to do it.
FWIW the server error is SSL protocol or certificate type is not supported. [Not terribly useful]
Recall I am using the same certificate chain successfully with WS_FTP.
tsrCharles

Looking for help with FTPS TLS

Version of WinSCP: 5.19.6 (Build 12002 2022-02-22)
New problem – has never worked
Windows 10 Pro 64-bit
FTPS
No scripting
Error is:
SSL3 alert read: fatal: handshake failure
TLS connect: error in error
Can't establish TLS connection
Disconnected from server
Connection failed.

Let me give you some background. I am not a TLS newbie. I teach certificate classes.
I can connect with WinSCP to this host if I use an FTP server without SSL/TLS.
If I try to connect with TLS (min 1.1, max 1.3) it fails with the indicated error.
I can connect to this host with SSL/TLS using WS_FTP, so we can assume the certificate chain is there.
What should I try? What should I be looking for? Thanks,
Charles
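
The explicit-TLS sequence described in this thread (plain connection, AUTH TLS, then the handshake) can be probed one TLS version at a time to see which stage fails and whether the failure is about trust or about protocol negotiation. This is an added example, not part of the original posts and not WinSCP code; the function names and the command-line arguments (host, optional PEM file holding the internal CA) are assumptions of the example.

```python
import socket
import ssl
import sys

# TLS versions discussed in the thread (min 1.1, max 1.3).
VERSIONS = {"TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2,
            "TLS 1.3": ssl.TLSVersion.TLSv1_3}


def read_reply(rfile):
    """Read one FTP reply, including multi-line ones, and return its code."""
    line = rfile.readline().decode("latin-1")
    code, multiline = line[:3], line[3:4] == "-"
    while multiline and line and not line.startswith(code + " "):
        line = rfile.readline().decode("latin-1")
    return code


def probe(host, port, version, cafile=None, timeout=5.0):
    """Try explicit FTPS pinned to one TLS version; return (stage, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: internal CA (PEM)
    try:
        ctx.minimum_version = ctx.maximum_version = version
    except ValueError as exc:  # local OpenSSL build lacks this version
        return ("client", str(exc))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        if read_reply(rfile) != "220":
            return ("banner", "no 220 greeting")
        sock.sendall(b"AUTH TLS\r\n")  # upgrade request, sent in the clear
        code = read_reply(rfile)
        if code != "234":
            return ("auth", f"AUTH TLS answered {code or 'nothing'}")
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", f"{tls.version()} / {tls.cipher()[0]}")
        except ssl.SSLCertVerificationError as exc:
            return ("certificate", exc.verify_message)  # trust or name problem
        except (ssl.SSLError, OSError) as exc:
            return ("handshake", str(exc))  # e.g. a fatal alert from the server


if __name__ == "__main__":
    # Usage: script.py HOST [CA_PEM]; both values are supplied by the operator.
    host, cafile = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else None)
    for name, version in VERSIONS.items():
        print(name, *probe(host, 21, version, cafile))
```

A "certificate" result points at the CA or host name, while a "handshake" result for every version points at protocol or cipher negotiation instead.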