Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

minh

SSL3 alert write: fatal: handshake failure

Hello

I have this FTPS issue handshake failure (SSL3 alert write: fatal: handshake failure) when upgrading from v5.11.1 to v6.3.6. There aren't much options to set. I combed thru all the support threads and couldn't resolve this issue. TLS option is set to v1.1-v1.2. Plz suggest a solution ... Many thanks

Logs of bad connection with v6.3.6 ..... 
. 2025-03-12 16:45:57.462 --------------------------------------------------------------------------
. 2025-03-12 16:45:57.463 WinSCP Version 6.3.6 (Build 15073 2024-11-25) (OS 10.0.19045 – Windows 10 Enterprise)
. 2025-03-12 16:45:57.464 Configuration: P:\WinSCP_6_3_6\WinSCP.ini
. 2025-03-12 16:45:57.465 Log level: Debug 2
. 2025-03-12 16:45:57.465 Local account: xxxx\yyyy
. 2025-03-12 16:45:57.465 Working directory: P:\WinSCP_6_3_6
. 2025-03-12 16:45:57.465 Process ID: 17868
. 2025-03-12 16:45:57.480 Ancestor processes: explorer, ...
. 2025-03-12 16:45:57.484 Command-line: "P:\WinSCP_6_3_6\WinSCP.exe" 
. 2025-03-12 16:45:57.485 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/9/2025, DST End: 11/2/2025
. 2025-03-12 16:45:57.485 Login time: Wednesday, March 12, 2025 4:45:57 PM
. 2025-03-12 16:45:57.485 --------------------------------------------------------------------------
. 2025-03-12 16:45:57.485 Session name: xxxx (Modified site)
. 2025-03-12 16:45:57.485 Host name: yyyyyy (Port: 2122)
. 2025-03-12 16:45:57.485 User name: zzzzz (Password: Yes, Key file: No, Passphrase: No)
. 2025-03-12 16:45:57.485 Transfer Protocol: FTP
. 2025-03-12 16:45:57.485 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2025-03-12 16:45:57.485 Disable Nagle: No
. 2025-03-12 16:45:57.485 Proxy: None
. 2025-03-12 16:45:57.485 Send buffer: 262144
. 2025-03-12 16:45:57.485 UTF: Auto
. 2025-03-12 16:45:57.485 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2025-03-12 16:45:57.485 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2025-03-12 16:45:57.485 Session reuse: Yes
. 2025-03-12 16:45:57.485 TLS/SSL versions: TLSv1.1-TLSv1.2
. 2025-03-12 16:45:57.485 Local directory: C:\, Remote directory: /, Update: Yes, Cache: Yes
. 2025-03-12 16:45:57.485 Cache directory changes: Yes, Permanent: Yes
. 2025-03-12 16:45:57.485 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2025-03-12 16:45:57.485 Timezone offset: 0h 0m
. 2025-03-12 16:45:57.485 --------------------------------------------------------------------------
. 2025-03-12 16:45:57.517 Session upkeep
. 2025-03-12 16:45:57.560 Connecting to yyyyyy:2122 ...
. 2025-03-12 16:45:57.560 Connected
. 2025-03-12 16:45:57.560 TLS layer changed state from unconnected to connecting
. 2025-03-12 16:45:57.590 TLS layer changed state from connecting to connected
. 2025-03-12 16:45:57.591 Connected with sgapi.scotiabank.ca:2122, negotiating TLS connection...
. 2025-03-12 16:45:57.673 Read 84 bytes
< 2025-03-12 16:45:57.673 220 yyyyyy FTP Gateway service (Version 2,0,0,25 2025-03-12 7:45:57 PM) Ready.
> 2025-03-12 16:45:57.673 AUTH TLS
. 2025-03-12 16:45:57.748 Read 37 bytes
< 2025-03-12 16:45:57.748 234 TLS Accepted, begin negotiation
. 2025-03-12 16:45:57.748 No data to read
. 2025-03-12 16:45:57.823 TLS connect: SSLv3/TLS write client hello
. 2025-03-12 16:45:57.823 SSL3 alert write: fatal: handshake failure
. 2025-03-12 16:45:57.823 error:0A000152:SSL routines::unsafe legacy renegotiation disabled
. 2025-03-12 16:45:57.823 unsafe legacy renegotiation disabled
. 2025-03-12 16:45:57.823 TLS connect: error in error
. 2025-03-12 16:45:57.823 Can't establish TLS connection
. 2025-03-12 16:45:57.823 Disconnected from server
. 2025-03-12 16:45:57.823 Connection closed
. 2025-03-12 16:45:57.823 Connection failed.
. 2025-03-12 16:45:57.823 Got reply 1004 to the command 1
* 2025-03-12 16:45:57.892 (EFatal) Connection failed.
* 2025-03-12 16:45:57.892 SSL3 alert write: fatal: handshake failure
* 2025-03-12 16:45:57.892 unsafe legacy renegotiation disabled
* 2025-03-12 16:45:57.892 TLS connect: error in error
* 2025-03-12 16:45:57.892 Can't establish TLS connection
* 2025-03-12 16:45:57.892 Disconnected from server
* 2025-03-12 16:45:57.892 Connection failed.

Logs of good connection with v5.11.1 ... 
. 2025-03-12 16:48:14.463 --------------------------------------------------------------------------
. 2025-03-12 16:48:14.464 WinSCP Version 5.11.1 (Build 7725) (OS 10.0.19045 - Windows 10 Enterprise)
. 2025-03-12 16:48:14.465 Configuration: P:\WinSCP\WinSCP.ini
. 2025-03-12 16:48:14.466 Log level: Debug 2
. 2025-03-12 16:48:14.466 Local account: xxxx\yyyy
. 2025-03-12 16:48:14.466 Working directory: P:\WinSCP
. 2025-03-12 16:48:14.466 Process ID: 26012
. 2025-03-12 16:48:14.476 Command-line: "P:\WinSCP\WinSCP.exe" 
. 2025-03-12 16:48:14.477 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/9/2025, DST End: 11/2/2025
. 2025-03-12 16:48:14.477 Login time: Wednesday, March 12, 2025 4:48:14 PM
. 2025-03-12 16:48:14.477 --------------------------------------------------------------------------
. 2025-03-12 16:48:14.477 Session name: xxxx  (Modified site)
. 2025-03-12 16:48:14.477 Host name: yyyyyy (Port: 2122)
. 2025-03-12 16:48:14.477 User name: zzzzz (Password: Yes, Key file: No, Passphrase: No)
. 2025-03-12 16:48:14.477 Transfer Protocol: FTP
. 2025-03-12 16:48:14.477 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2025-03-12 16:48:14.477 Disable Nagle: No
. 2025-03-12 16:48:14.477 Proxy: None
. 2025-03-12 16:48:14.477 Send buffer: 262144
. 2025-03-12 16:48:14.477 UTF: Auto
. 2025-03-12 16:48:14.477 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2025-03-12 16:48:14.477 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2025-03-12 16:48:14.477 Session reuse: Yes
. 2025-03-12 16:48:14.477 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2025-03-12 16:48:14.477 Local directory: C:\, Remote directory: /Sent, Update: Yes, Cache: Yes
. 2025-03-12 16:48:14.477 Cache directory changes: Yes, Permanent: Yes
. 2025-03-12 16:48:14.478 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2025-03-12 16:48:14.478 Timezone offset: 0h 0m
. 2025-03-12 16:48:14.478 --------------------------------------------------------------------------
. 2025-03-12 16:48:14.538 Session upkeep
. 2025-03-12 16:48:14.607 Connecting to yyyyyy:2122 ...
. 2025-03-12 16:48:14.607 TLS layer changed state from unconnected to connecting
. 2025-03-12 16:48:14.617 TLS layer changed state from connecting to connected
. 2025-03-12 16:48:14.619 Connected with yyyyyy:2122, negotiating TLS connection...
< 2025-03-12 16:48:14.703 220 yyyyyy FTP Gateway service (Version 2,0,0,25 2025-03-12 7:48:14 PM) Ready.
> 2025-03-12 16:48:14.703 AUTH TLS
< 2025-03-12 16:48:14.776 234 TLS Accepted, begin negotiation
. 2025-03-12 16:48:15.242 TLS connect: SSLv3 read server hello A
. 2025-03-12 16:48:15.249 TLS connect: SSLv3 read server certificate A
. 2025-03-12 16:48:15.262 TLS connect: SSLv3 read server key exchange A
. 2025-03-12 16:48:15.263 TLS connect: SSLv3 read server done A
. 2025-03-12 16:48:15.269 TLS connect: SSLv3 write client key exchange A
. 2025-03-12 16:48:15.274 TLS connect: SSLv3 write change cipher spec A
. 2025-03-12 16:48:15.274 TLS connect: SSLv3 write finished A
. 2025-03-12 16:48:15.274 TLS connect: SSLv3 flush data
. 2025-03-12 16:48:15.348 TLS connect: SSLv3 read finished A
. 2025-03-12 16:48:15.349 Verifying certificate for "yyyyyy" with fingerprint zzzz and 20 failures
. 2025-03-12 16:48:15.349 Certificate common name "yyyyyy" matches hostname
. 2025-03-12 16:48:15.402 Certificate verified against Windows certificate store
. 2025-03-12 16:48:15.403 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES128-SHA256, 2048 bit RSA, ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
. 2025-03-12 16:48:15.403 Session upkeep
. 2025-03-12 16:48:15.428 TLS connection established. Waiting for welcome message...
> 2025-03-12 16:48:15.428 USER zzzzz
< 2025-03-12 16:48:15.855 331 Password required for JOTASADPWL.
> 2025-03-12 16:48:15.855 PASS ********
< 2025-03-12 16:48:16.410 230 User zzzzz logged in.
> 2025-03-12 16:48:16.410 SYST
. 2025-03-12 16:48:16.913 The server is probably running Windows, assuming that directory listing timestamps are affected by DST.
< 2025-03-12 16:48:16.913 215 Windows_NT version 5.0
> 2025-03-12 16:48:16.913 FEAT
< 2025-03-12 16:48:17.415 211-Extensions supported
< 2025-03-12 16:48:17.416  AUTH TLS
< 2025-03-12 16:48:17.416  AUTH SSL
< 2025-03-12 16:48:17.416  PBSZ
< 2025-03-12 16:48:17.416  PROT
< 2025-03-12 16:48:17.416 211 END
> 2025-03-12 16:48:17.416 PBSZ 0
< 2025-03-12 16:48:17.919 200 PBSZ 0 successful
> 2025-03-12 16:48:17.919 PROT P
< 2025-03-12 16:48:18.422 200 Protection set to private
. 2025-03-12 16:48:18.422 Session upkeep
. 2025-03-12 16:48:18.448 Connected
. 2025-03-12 16:48:18.448 Got reply 1 to the command 1
. 2025-03-12 16:48:18.448 --------------------------------------------------------------------------
. 2025-03-12 16:48:18.448 Using FTP protocol.
. 2025-03-12 16:48:18.450 Doing startup conversation with host.
> 2025-03-12 16:48:18.465 PWD
< 2025-03-12 16:48:18.925 257 "/" is current directory.
. 2025-03-12 16:48:18.926 Got reply 1 to the command 16
. 2025-03-12 16:48:18.926 Changing directory to "/Sent".
> 2025-03-12 16:48:18.926 CWD /Sent
< 2025-03-12 16:48:19.429 250 CWD command successful.
. 2025-03-12 16:48:19.429 Got reply 1 to the command 16
. 2025-03-12 16:48:19.429 Getting current directory name.
> 2025-03-12 16:48:19.429 PWD
< 2025-03-12 16:48:19.932 257 "/Sent" is current directory.
. 2025-03-12 16:48:19.932 Got reply 1 to the command 16
. 2025-03-12 16:48:19.932 Session upkeep
. 2025-03-12 16:48:20.032 Retrieving directory listing...
> 2025-03-12 16:48:20.032 TYPE A
< 2025-03-12 16:48:20.435 200 Type set to A.
> 2025-03-12 16:48:20.437 PASV
< 2025-03-12 16:48:20.946 227 Entering Passive Mode (205,210,223,47,7,236)
> 2025-03-12 16:48:20.946 LIST -a
. 2025-03-12 16:48:20.946 Connecting to 205.210.223.47:2028 ...
. 2025-03-12 16:48:21.016 Data connection opened
. 2025-03-12 16:48:21.016 Trying reuse main TLS session ID
. 2025-03-12 16:48:21.017 TLS layer changed state from none to connected
< 2025-03-12 16:48:21.449 150 Opening data connection for LIST.
. 2025-03-12 16:48:21.461 Session ID reused
. 2025-03-12 16:48:21.461 TLS connect: SSLv3 read server hello A
. 2025-03-12 16:48:21.462 TLS connect: SSLv3 read finished A
. 2025-03-12 16:48:21.462 TLS connect: SSLv3 write change cipher spec A
. 2025-03-12 16:48:21.462 TLS connect: SSLv3 write finished A
. 2025-03-12 16:48:21.462 TLS connect: SSLv3 flush data
. 2025-03-12 16:48:21.462 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES128-SHA256, 2048 bit RSA, ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
. 2025-03-12 16:48:21.462 Session upkeep
. 2025-03-12 16:48:21.486 TLS connection established
. 2025-03-12 16:48:21.946 Session upkeep
< 2025-03-12 16:48:21.976 226 Transfer complete.
. 2025-03-12 16:48:22.155 TLS layer changed state from connected to closed

Documentation

Support

Associations

Follow Us