Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Thanks for this information!
LALILU

Hi Martin,

now we´ve solved the problem by using the option "TLSOptions NoSessionReuseRequired" at the server-config.

Maybe you can find a workaround for this issue if someone cannot change his configuration on the server.

Regards

martin wrote:

I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.
martin

I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.
LALILU

Hi Martin,

i´ve still got this problem.

Here are the part from my logfile where i loose the TLS-connection:

. 2015-08-03 15:32:12.547 Data connection opened

. 2015-08-03 15:32:12.547 Trying reuse main TLS session ID
. 2015-08-03 15:32:12.547 TLS layer changed state from none to connected
. 2015-08-03 15:32:12.573 Session ID reused
. 2015-08-03 15:32:12.573 TLS layer changed state from connected to aborted
. 2015-08-03 15:32:12.573 Disconnected from server
. 2015-08-03 15:32:12.573 Data connection closed
. 2015-08-03 15:32:12.573 Could not retrieve directory listing
. 2015-08-03 15:32:12.573 Got reply 1004 to the command 2
. 2015-08-03 15:32:12.573 Ignoring old TransferEnd message
. 2015-08-03 15:32:12.573 Connection was lost, asking what to do.
. 2015-08-03 15:32:12.573 Asking user:
. 2015-08-03 15:32:12.573 Lost connection. ("Disconnected from server","Could not retrieve directory listing")
* 2015-08-03 15:32:15.408 (ESshFatal) **Lost connection.**
* 2015-08-03 15:32:15.408 Disconnected from server
* 2015-08-03 15:32:15.408 Could not retrieve directory listing


You´ve got any idea?

Regards
Auth

cdSndNWBOEPcxJUoBQg

Hi,I have an email account with 3web.com.two days ago I joeind Bell sympatico. I can receive email on my account but I can not send emails out. I did not start a new email account with sympatico.I like to use 3web.com instead.Would you know the way to make 3web mail on Sympatico.I use Window live mail.Thank you
LALILU

Hi prikryl,

did you had an experience about this problem?

Greets
Armin
Numirium

reuse SSL session

martin wrote:

WinSCP cannot reuse the SSL session. You may remove the requirement on the server-side as workaround.


Hi, pls, do you plan to add support for reusing? "Server side workaround" sounds horribly :).

In some situations is this workaround impossible and is feel as security flaw by my clients.
amraam

vsftpd-2.1.0 support

Hello,

I just wanted to mention that I would need this feature as well. This is the only thing that forces me to use FileZilla (whose interface I don't like) parallely to WinSCP.

So while Chris Evans thinks not many people need FTP over SSL I need it because my webhoster offers no other secure connection methods.
war59312

Nice, thanks for looking into it.

And thanks for unbanning my account. Odd how it bans you if use a bad keyword in your post. Too strong of a spam filter it seems.
LALILU

LALILU

Guest

LALILU wrote:

martin wrote:

Thanks. I do not see anything wrong in the log files. May I have a test account on your server?


Hi Martin,
i sent an email with the testaccount in a pgp encrypted file.

Thanks
Armin

Hi Martin,

have you found any solutions with my FTP-Server?

Regards
Armin
LALILU

martin wrote:

Thanks. I do not see anything wrong in the log files. May I have a test account on your server?


Hi Martin,
i sent an email with the testaccount in a pgp encrypted file.

Thanks
Armin
martin

Thanks. I do not see anything wrong in the log files. May I have a test account on your server?
Guest

martin wrote:

LALILU wrote:

I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.


Damn. Sorry. Here the correct one.

WinSCP:
--------------------------------------------------------------------------

WinSCP Version 4.3.2 (Build 1201) (OS 5.1.2600 Service Pack 2)
Login time: Montag, 21. M�rz 2011 15:14:25
--------------------------------------------------------------------------
Session name: HostServer/...
Host name: ... (Port: 21)
User name: ... (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: Yes]
Local directory: default, Remote directory: home, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1
--------------------------------------------------------------------------
Verbinde mit ...
Verbunden mit ..., Etabliere SSL Verbindung...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL Verbindung hergestellt. Erwarte die Willkommensnachricht...
USER ...
331 Password required for ...
PASS *************
230 User  ... logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 LANG en-US.UTF-8;en-US*
 MDTM
 MFMT
 TVFS
 AUTH TLS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
Verbunden
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/htdocs" is the current directory
Getting current directory name.
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST -a
150 Opening ASCII mode data connection for file list
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
(ECommand) Fehler beim Anzeigen des Verzeichnisses "/htdocs".
Konnte Verzeichnisinhalt nicht abrufen
Unable to build data connection: Operation not permitted
Startup conversation with host finished.


FileZilla:
Status:   Resolving address of ...

Status:   Connecting to ......
Status:   Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:   220 FTP Server ready.
Befehl:   AUTH TLS
Antwort:   234 AUTH TLS successful
Status:   Starte TLS...
Status:   �berpr�fe Zertifikat...
Befehl:   USER ...
Status:   TLS/SSL Verbindung hergestellt-
Antwort:   331 Password required for ...
Befehl:   PASS *************
Antwort:   230 User ... logged in
Befehl:   SYST
Antwort:   215 UNIX Type: L8
Befehl:   FEAT
Antwort:   211-Features:
Antwort:    LANG en-US.UTF-8;en-US*
Antwort:    MDTM
Antwort:    MFMT
Antwort:    TVFS
Antwort:    AUTH TLS
Antwort:    UTF8
Antwort:    MFF modify;UNIX.group;UNIX.mode;
Antwort:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Antwort:    PBSZ
Antwort:    PROT
Antwort:    REST STREAM
Antwort:    SIZE
Antwort:   211 End
Befehl:   OPTS UTF8 ON
Antwort:   200 UTF8 set to on
Befehl:   PBSZ 0
Antwort:   200 PBSZ 0 successful
Befehl:   PROT P
Antwort:   200 Protection set to Private
Status:   Verbunden
Status:   Empfange Dateilisten...
Befehl:   PWD
Antwort:   257 "/htdocs" is the current directory
Befehl:   TYPE I
Antwort:   200 Type set to I
Befehl:   PASV
Antwort:   227 Entering Passive Mode (...).
Befehl:   MLSD
Antwort:   150 Opening ASCII mode data connection for MLSD
Antwort:   226 Transfer complete
Status:   Dateiauflistung abgeschlossen
LALILU_

martin wrote:

LALILU wrote:

I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.

Allright. Here the complete Logs.

WinSCP:
--------------------------------------------------------------------------

WinSCP Version 4.3.2 (Build 1201) (OS 5.1.2600 Service Pack 2)
Login time: Montag, 21. M�rz 2011 15:08:07
--------------------------------------------------------------------------
Session name: HostServer/...
Host name: ... (Port: 21)
User name: ... (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: Yes]
Local directory: default, Remote directory: home, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1
--------------------------------------------------------------------------
Verbinde mit ... ...
Verbunden mit ..., Etabliere SSL Verbindung...
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
SSL Verbindung hergestellt. Erwarte die Willkommensnachricht...
USER myusername
331 Password required for ...
PASS *************
230 User myusername logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 LANG en-US.UTF-8;en-US*
 MDTM
 MFMT
 TVFS
 AUTH TLS
 UTF8
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
Verbunden
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/htdocs" is the current directory
Getting current directory name.
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST -a
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
Rufe Verzeichnisinhalt ab...
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (...).
LIST
150 Opening ASCII mode data connection for file list
SSL Verbindung hergestellt
425 Unable to build data connection: Operation not permitted
Konnte Verzeichnisinhalt nicht abrufen
(ECommand) Fehler beim Anzeigen des Verzeichnisses "/htdocs".
Konnte Verzeichnisinhalt nicht abrufen
Unable to build data connection: Operation not permitted
Startup conversation with host finished.


FileZilla:
Status:   Resolving address of ...

Status:   Connecting to ...
Status:   Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:   220 FTP Server ready.
Befehl:   AUTH TLS
Antwort:   234 AUTH TLS successful
Status:   Starte TLS...
Status:   �berpr�fe Zertifikat...
Befehl:   USER myusername
Status:   TLS/SSL Verbindung hergestellt-
Antwort:   331 Password required for ...
Befehl:   PASS *************
Antwort:   230 User myusername logged in
Befehl:   SYST
Antwort:   215 UNIX Type: L8
Befehl:   FEAT
Antwort:   211-Features:
Antwort:    LANG en-US.UTF-8;en-US*
Antwort:    MDTM
Antwort:    MFMT
Antwort:    TVFS
Antwort:    AUTH TLS
Antwort:    UTF8
Antwort:    MFF modify;UNIX.group;UNIX.mode;
Antwort:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Antwort:    PBSZ
Antwort:    PROT
Antwort:    REST STREAM
Antwort:    SIZE
Antwort:   211 End
Befehl:   OPTS UTF8 ON
Antwort:   200 UTF8 set to on
Befehl:   PBSZ 0
Antwort:   200 PBSZ 0 successful
Befehl:   PROT P
Antwort:   200 Protection set to Private
Status:   Verbunden
Status:   Empfange Dateilisten...
Befehl:   PWD
Antwort:   257 "/htdocs" is the current directory
Befehl:   TYPE I
Antwort:   200 Type set to I
Befehl:   PASV
Antwort:   227 Entering Passive Mode (...).
Befehl:   MLSD
Antwort:   150 Opening ASCII mode data connection for MLSD
Antwort:   226 Transfer complete
Status:   Dateiauflistung abgeschlossen
martin

LALILU wrote:

I have the same Problem with the Version 4.3.2 (Build 1201).

I would need complete log files (without obfuscating the IP addresses at least). You can email them to me, if you do not want to post them publicly.
LALILU

martin

burger wrote:

I'm a different person than the OP trying to get FTPES FTP over explicit TLS/SLL working, but here are my logs.

I tried WinSCP with both Explicit TLS and Explicit SSL, no luck.. here are the logs

I really wanted to use WinSCP to automate.. but it looks like it won't work.

Hopefully this will help you add this feature..

Thanks for your post. This issue is being tracked already.
burger

martin wrote:

So can you post a log file from both Filezilla and WinSCP?


I'm a different person than the OP trying to get FTPES FTP over explicit TLS/SLL working, but here are my logs.

I tried WinSCP with both Explicit TLS and Explicit SSL, no luck.. here are the logs

I really wanted to use WinSCP to automate.. but it looks like it won't work.

Hopefully this will help you add this feature..


******** Explicit SSL

. 2011-02-17 10:10:44.570 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.570 WinSCP Version 4.3.1 (Build 1099) (OS 6.1.7600)
. 2011-02-17 10:10:44.570 Login time: Thursday, February 17, 2011 10:10:44 AM
. 2011-02-17 10:10:44.570 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.570 Session name: me@somewhere.net_ssl_ex
. 2011-02-17 10:10:44.570 Host name: ftp.myhost.net (Port: 21)
. 2011-02-17 10:10:44.571 User name: myusername(Password: Yes, Key file: No)
. 2011-02-17 10:10:44.571 Tunnel: No
. 2011-02-17 10:10:44.571 Transfer Protocol: FTP
. 2011-02-17 10:10:44.571 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2011-02-17 10:10:44.571 Proxy: none
. 2011-02-17 10:10:44.571 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: No]
. 2011-02-17 10:10:44.571 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-02-17 10:10:44.571 Cache directory changes: Yes, Permanent: Yes
. 2011-02-17 10:10:44.571 DST mode: 1
. 2011-02-17 10:10:44.571 --------------------------------------------------------------------------
. 2011-02-17 10:10:44.609 Connecting to ftp.myhost.net ...
. 2011-02-17 10:10:44.609 m_pSslLayer changed state from 0 to 1
. 2011-02-17 10:10:44.609 m_pSslLayer changed state from 1 to 2
. 2011-02-17 10:10:44.626 m_pSslLayer changed state from 2 to 4
. 2011-02-17 10:10:44.628 Connected with ftp.myhost.net, negotiating SSL connection...
< 2011-02-17 10:10:44.662 220 Microsoft FTP Service
> 2011-02-17 10:10:44.662 AUTH SSL
< 2011-02-17 10:10:44.696 234 AUTH command ok. Expecting TLS Negotiation.
. 2011-02-17 10:10:44.928 SSL_connect: error in SSLv3 read server hello B
. 2011-02-17 10:10:44.928 Can't establish SSL connection
. 2011-02-17 10:10:44.928 Disconnected from server
. 2011-02-17 10:10:44.929 Connection failed.
. 2011-02-17 10:10:44.929 Got reply 1004 to the command 1
* 2011-02-17 10:10:44.936 (ESshFatal) Connection failed.
* 2011-02-17 10:10:44.937 SSL_connect: error in SSLv3 read server hello B
* 2011-02-17 10:10:44.937 Can't establish SSL connection
* 2011-02-17 10:10:44.937 Disconnected from server
* 2011-02-17 10:10:44.937 Connection failed.
* 2011-02-17 10:10:44.937 AUTH command ok. Expecting TLS Negotiation.

******** Explicit TLS

. 2011-02-17 10:10:54.065 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.066 WinSCP Version 4.3.1 (Build 1099) (OS 6.1.7600)
. 2011-02-17 10:10:54.066 Login time: Thursday, February 17, 2011 10:10:54 AM
. 2011-02-17 10:10:54.066 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.066 Session name: me@ftp.myhost.net_tls_exp
. 2011-02-17 10:10:54.066 Host name: ftp.myhost.net (Port: 21)
. 2011-02-17 10:10:54.066 User name: myusername(Password: Yes, Key file: No)
. 2011-02-17 10:10:54.066 Tunnel: No
. 2011-02-17 10:10:54.066 Transfer Protocol: FTP
. 2011-02-17 10:10:54.066 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2011-02-17 10:10:54.066 Proxy: none
. 2011-02-17 10:10:54.066 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2011-02-17 10:10:54.066 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-02-17 10:10:54.066 Cache directory changes: Yes, Permanent: Yes
. 2011-02-17 10:10:54.066 DST mode: 1
. 2011-02-17 10:10:54.066 --------------------------------------------------------------------------
. 2011-02-17 10:10:54.091 Connecting to ftp.myhost.net ...
. 2011-02-17 10:10:54.091 m_pSslLayer changed state from 0 to 1
. 2011-02-17 10:10:54.091 m_pSslLayer changed state from 1 to 2
. 2011-02-17 10:10:54.103 m_pSslLayer changed state from 2 to 4
. 2011-02-17 10:10:54.105 Connected with ftp.myhost.net, negotiating SSL connection...
< 2011-02-17 10:10:54.137 220 Microsoft FTP Service
> 2011-02-17 10:10:54.137 AUTH TLS
< 2011-02-17 10:10:54.172 234 AUTH command ok. Expecting TLS Negotiation.
. 2011-02-17 10:10:54.210 SSL_connect: error in SSLv3 read server hello B
. 2011-02-17 10:10:54.210 Can't establish SSL connection
. 2011-02-17 10:10:54.210 Disconnected from server
. 2011-02-17 10:10:54.210 Connection failed.
. 2011-02-17 10:10:54.210 Got reply 1004 to the command 1
* 2011-02-17 10:10:54.218 (ESshFatal) Connection failed.
* 2011-02-17 10:10:54.218 SSL_connect: error in SSLv3 read server hello B
* 2011-02-17 10:10:54.218 Can't establish SSL connection
* 2011-02-17 10:10:54.218 Disconnected from server
* 2011-02-17 10:10:54.218 Connection failed.
* 2011-02-17 10:10:54.218 AUTH command ok. Expecting TLS Negotiation.


********** Filezilla

Status: Resolving address of ftp.myhost.net
Status: Connecting to x.x.x.x:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 Microsoft FTP Service
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: Handshake successful
Trace: Cipher: AES-128-CBC, MAC: SHA1
Status: Verifying certificate...
Trace: CFtpControlSocket::SendNextCommand()
Command: USER myusername
Status: TLS/SSL connection established.
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 331 Password required for myusername.
Trace: CFtpControlSocket::SendNextCommand()
Command: PASS *********
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 230 User logged in.
Trace: CFtpControlSocket::SendNextCommand()
Command: SYST
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 215 Windows_NT
Trace: CFtpControlSocket::SendNextCommand()
Command: FEAT
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 211-Extended features supported:
Response: LANG EN*
Response: UTF8
Response: AUTH TLS;TLS-C;SSL;TLS-P;
Response: PBSZ
Response: PROT C;P;
Response: CCC
Response: HOST
Response: SIZE
Response: MDTM
Response: 211 END
Trace: CFtpControlSocket::SendNextCommand()
Command: OPTS UTF8 ON
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace: CFtpControlSocket::SendNextCommand()
Command: PBSZ 0
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 PBSZ command successful.
Trace: CFtpControlSocket::SendNextCommand()
Command: PROT P
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 PROT command successful.
Status: Connected
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ChangeDirSend()
Command: PWD
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is current directory.
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 1
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 1
Command: TYPE I
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 Type set to I.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 1
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 2
Command: PASV
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (216,154,194,28,21,27).
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: LIST
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 150 Opening BINARY mode data connection.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 1
Trace: state = 4
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 5
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: Handshake successful
Trace: Session resumed
Trace: Cipher: AES-128-CBC, MAC: SHA1
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::OnRead()
Trace: CTransferSocket::OnReceive(), m_transferMode=0
Trace: CTransferSocket::TransferEnd(1)
Trace: CFtpControlSocket::TransferEnd()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 226 Transfer complete.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 7
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 3
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ListSend()
Trace: state = 4
Status: Calculating timezone offset of server...
Command: MDTM Test.txt
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 213 20110214163927
Trace: CFtpControlSocket::ListParseResponse()
Status: Timezone offsets: Server: -18000 seconds. Local: -21600 seconds. Difference: -3600 seconds.
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Status: Directory listing successful
Trace: CFileZillaEnginePrivate::ResetOperation(0)


***** Core FTP Pro

WinSock 2.0
Mem -- 4,194,303 KB, Virt -- 2,097,024 KB
Started on Thursday February 17, 2011 at 10:17:AM
Resolving ftp.myhost.net...
Connect socket #948 to 216.154.194.28, port 21...
220 Microsoft FTP Service
AUTH SSL
234 AUTH command ok. Expecting TLS Negotiation.
TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit
USER myusername
331 Password required for myusername.
PASS **********
230 User logged in.
SYST
215 Windows_NT
Keep alive off...
PWD
257 "/" is current directory.
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
PASV
227 Entering Passive Mode (216,154,194,28,21,47).
LIST
Connect socket #1008 to 216.154.194.28, port 5423...
TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit
150 Opening ASCII mode data connection.
226 Transfer complete.
Transferred 49 bytes in 0.011 seconds


**** good luck..
martin

So can you post a log file from both Filezilla and WinSCP?
Guest

Yes, I can connect with Filezilla and Core FTP LE. Filezilla has the "FTP over explicit TLS/SSL" FTP Protocol.
In Core FTP LE, the setting is:
Connection Type: Auth SSL
SSL Options:- Checked SSL Listing, SSL Transfer, Open SSL
Checked PASV
Thanks
martin

Are you able to connect with any other FTP client? Do you have anyone to ask, what kind of connection you are supposed to use with that server?
Gues

Hello
Thanks for the response.
I have tried all the 3 options and it doesn't work.
Thanks
martin

Re: FTP over explicit TLS/SSL

You have to know if you need to use TLS or SSL. If you do not know, try TLS first.
Guest

FTP over explicit TLS/SSL

Does WinScp support "FTP over explicit TLS/SSL" FTP protocol. I am using version 4.2.9(build 938)
If yes, how can I use it.
I was looking at the FTP dropdown and it has the following 4:-
1.No Encryption
2.SSL/TLS Implicit encryption
3.SSL explicit encryption
4.TLS explicit encryption

Thanks[/list]
martin

Re: TLS1.0 or TLS 1.1

Shashank wrote:

HOw to figure out me whether Winscp supports TLS1.1 or TLS1.0 ??

TLS 1.0 only atm.
Shashank

TLS1.0 or TLS 1.1

HOw to figure out me whether Winscp supports TLS1.1 or TLS1.0 ??
martin

Re: THANK YOU!

ken_f_ca wrote:

When will 4.2 move from Beta to Production? We're not allowed to inplement Beta code in our enviroment.

Sorry, I'm not going to promise any dates.
ken_f_ca

Re: THANK YOU!

When will 4.2 move from Beta to Production? We're not allowed to inplement Beta code in our enviroment.

Thank-you for all your efforts adding this feature.

Ken

Schnulla wrote:

First I want to say thanks for
implementing this in v.4.2.1! :D

It works fine here!

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks :)

(I ask this because in SmartFTP it is
possible to secure the file transfer
and the login process separately).
martin

WinSCP cannot reuse the SSL session. You may remove the requirement on the server-side as workaround.
Ben White

I am trying to use FTP with TLS Explicit encryption to a proftpd server.
I am getting the following error from WinSCP
Retrieving directory listing...

TYPE A
200 Type set to A
PORT 192,168,1,7,16,69
200 PORT command successful
LIST
150 Opening ASCII mode data connection for file list
SSL connection established
425 Unable to build data connection: Operation not permitted
Could not retrieve directory listing


Here is the error log from the proftpd server
May 01 18:45:20 mod_tls/2.3[2419]: starting TLS negotiation on data connection

May 01 18:45:21 mod_tls/2.3[2419]: did NOT reuse SSL session for data connection
May 01 18:45:21 mod_tls/2.3[2419]: Client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)
May 01 18:45:22 mod_tls/2.3[2419]: unable to open data connection: TLS negotiation failed


Is there a setting that forces WinSCP to reuse the same SSL session?
Any ideas how I can fix this?
I really don't want to use FileZilla
martin

Re: Scripting on protocol SSL/TLS

Vincenzo wrote:

I've just a simple question, because I didn't reach to find this information on the WinSCP website.
Is there a way to use scripts with this new functionnality on the protocol FTP with SSL/TLS ?
If yes what's the correct parameter to use / specify ?

Not yet. This request is being tracked already.

Yet this FAQ will show you workaround.
Vincenzo

Scripting on protocol SSL/TLS

Hello,

I've just a simple question, because I didn't reach to find this information on the WinSCP website.
Is there a way to use scripts with this new functionnality on the protocol FTP with SSL/TLS ?
If yes what's the correct parameter to use / specify ?

Thanks for you job,

Best regards
Vincenzo
Schnulla

Re: THANK YOU!

martin wrote:

Schnulla wrote:

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks :)

Both. I have updated documentation to cover that.


Good to know, thanks!
martin

Re: THANK YOU!

Schnulla wrote:

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks :)

Both. I have updated documentation to cover that.
Schnulla

THANK YOU!

First I want to say thanks for
implementing this in v.4.2.1! :D

It works fine here!

Question: Does FTP over explicit SSL
in WinSCP only encrypt the login and
password data or is also the file
transfer secured? Thanks :)

(I ask this because in SmartFTP it is
possible to secure the file transfer
and the login process separately).
chemmix

I'm waiting too
Christian W.

I recommand this feature request, too

Now this feature request is older than 1 year and the community is waiting for it.
I just want to say, here are more people waiting for that than the preveous speaker.
You have my support!
martin

spig wrote:

Any news on this yet? It's been a long time, and there's plenty of people looking for FTPS support. Even a beta would be useful!

Beta will be out within a month.
spig

martin wrote:

R00st3r wrote:

I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?

One or two months I hope. But I cannot promise that.


Any news on this yet? It's been a long time, and there's plenty of people looking for FTPS support. Even a beta would be useful!
martin

R00st3r wrote:

I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?

One or two months I hope. But I cannot promise that.
R00st3r

I am following this thread and need FTP over Implicit SSL as well. It's been almost a year now that users have been asking for this feature. Do you have an ETA on when this might be released?
cruisen

Thank you! We are waitung

Thank you. I am also waiting to use winscp for ftp over TLS!
martin

Anonymous wrote:

Do you have an estimated time as to when the new version with this feature will be released?

Not yet. Month, two or three... :-)
Guest

Do you have an estimated time as to when the new version with this feature will be released?

Thank you for implementing the feature!!!!!!!!!!!!!!!!!
martin

Schnulla wrote:

Is there already a binary snapshot available to download? :)

Not yet.
Schnulla

Is there already a binary snapshot available to download? :)

Thx!
Schnulla

wooooohaaaaaaaaa man you are the best!!! :D

BIG THANKS!! :D
Schnulla

I really need this feature

I also really need this feature because the
only secure transfer on Hosteurope Webpacks
is via "FTP over explicit TLS" :(
martin

Re: Any Update??

Guest wrote:

I was just wondering if you made any progress on implementing FTP over SSL (explicit) in WinSCP?

Not yet.
Guest

Any Update??

I was just wondering if you made any progress on implementing FTP over SSL (explicit) in WinSCP?

I really like your tool, but this is required in my environment so it would be great to have.
Guest

what do you suggest best ftps client since winscp doesn't even support ftps becuase size will inceased?
Better a client with more protocol supports that some MO more size.
Nina

Hello Martin,
thanks for your great work!

I would really like to see this feature in WinSCP!

I have to use FileZilla for some of my projects, but I don't like it half as much as your program.

PS: I would also appreciate a Linux version. ;-)
Guest

martin wrote:

Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?

No. But I have raised its priority.


Thank you!
martin

Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?

No. But I have raised its priority.
Guest

Just checking again. Do you have an estimated timeframe as to when this feature will be implemented?
martin

Re: Does WinSCP Support Implicity SSL connection or not?

Sarma M.N wrote:

I am trying send a file through SFTP to a destination. But they say that I will be able to send out file only if my software has Implicity SSL/SSO Connection enabled.

WinSCP does not support SSL at all.
Sarma M.N

Does WinSCP Support Implicity SSL connection or not?

Hi,

I am trying send a file through SFTP to a destination. But they say that I will be able to send out file only if my software has Implicity SSL/SSO Connection enabled.

I am using WinSCP and please help me how can I send out the file. Your prompt response would be greatly appreciated.

Thanks in advance.
martin

Anonymous wrote:

Just checking. Do you have an estimated timeframe as to when this feature will be implemented?

Not yet.
Guest

Just checking. Do you have an estimated timeframe as to when this feature will be implemented?
lonelypixel

Ah, okay, I just looked at what I found on my disk. Right, I had a single binary before and now used the multi-language installer.
martin

LonelyPixel wrote:

You say OpenSSL would bloat the binary. By how much? My 3.8 binary is 1.2 MB, the 4.0.7 binary is 4.8 MB. PHP's OpenSSL DLLs are 1.4 MB. I don't think that would hurt too much considering the current size increase already.

EXE size of 3.8 was 4.0 MB. You refer to compressed standalone binary, which is 1.25 MB in 4.1.
LonelyPixel

Hi,
I just upgraded from 3.8 to 4.0.7 as I found out that it supports FTP, too, now. This is great because the FTP client I used before always nagged me with a "License reminder" and expired from time to time forcing me to an upgrade. ;) Sadly WinSCP doesn't support FTP/SSL yet which keeps me from recommending it to my clients as FTP client. I already do recommend it as SFTP client though.

You say OpenSSL would bloat the binary. By how much? My 3.8 binary is 1.2 MB, the 4.0.7 binary is 4.8 MB. PHP's OpenSSL DLLs are 1.4 MB. I don't think that would hurt too much considering the current size increase already.
martin

Can you please give us an update on this feature?

Sorry, nothing new.
Guest

Can you please give us an update on this feature?
martin

BijuGC wrote:

Why not consider a plugin style architecture for WinSCP, with a strip down stand alone exe file. And the install version should come with other protocol like FTP, FTPS, WebDAV.

I have thought about it too. But I like the fact WinSCP is just a single file that works as is.
BijuGC

@Topic FTPS

martin wrote:

~Biju wrote:

https://en.wikipedia.org/wiki/Comparison_of_FTP_client_software
say FileZilla have FTPS (FTP over SSL) and secure-FTP (FTP over SSH)

So why cant we borrow it, just like we did for FTP

Sure, we can. It just means to integrate OpenSSL into WinSCP. Which means bloat of binary size :-(
Why not consider a plugin style architecture for WinSCP, with a strip down stand alone exe file. And the install version should come with other protocol like FTP, FTPS, WebDAV.
martin

Re: FTP over explicit TLS/SSL ?

This issue has been added to tracker.
Guest

Re: FTP over explicit TLS/SSL ?

martin wrote:

It is on TODO list already. But I cannot tell when it will be implemented.

Thank you for considering this feature! I hope it will be soon!
martin

Re: FTP over explicit TLS/SSL ?

It is on TODO list already. But I cannot tell when it will be implemented.
guest

FTP over explicit TLS/SSL ?

Do you have any plans to add this protocol to the program. I would really like to use the sync feature, but I need it to work with my server.