Re: [5.17] Client certificate is wrongfully requested when using TLS 1.3 for FTP over TLS connection
This issue has been added to the tracker:
https://winscp.net/tracker/1831
https://winscp.net/tracker/1831
- martin
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- martin
Re: [5.17] Client certificate is wrongfully requested when using TLS 1.3 for FTP over TLS connection
Thanks for your report. I'm sending you an email to the address you have used to register on this forum.
- loglady
[5.17] Client certificate is wrongfully requested when using TLS 1.3 for FTP over TLS connection
Version: 5.17
Last known good: 5.15.9
Windows Version: Windows 10 Pro 1909/18363.657
Transfer Protocol: FTP + Explicit TLS
Scripting/GUI: GUI
After updating from 5.15.9 to 5.17, one of my FTP connections has not been able to connect. It fails with the error message:
The server in question is a ProFTPD 1.3.5e server with TLSVerifyClient set to off. After further investigation, it seems like this behavior is only encountered when TLS 1.3 is used for the connection. After forcing max. TLS version to 1.2 in the advanced connection tab, the connection attempt succeeds and the client is able to read the remote directory.
I attached two redacted sessions logs for both the unsuccessful and successful connection attempt. I can also provide further information about server & client config if needed.
Last known good: 5.15.9
Windows Version: Windows 10 Pro 1909/18363.657
Transfer Protocol: FTP + Explicit TLS
Scripting/GUI: GUI
After updating from 5.15.9 to 5.17, one of my FTP connections has not been able to connect. It fails with the error message:
Server asks for authentication with a client certificate.
Could not retrieve directory listing
MLSD: Operation not permitted
The server in question is a ProFTPD 1.3.5e server with TLSVerifyClient set to off. After further investigation, it seems like this behavior is only encountered when TLS 1.3 is used for the connection. After forcing max. TLS version to 1.2 in the advanced connection tab, the connection attempt succeeds and the client is able to read the remote directory.
I attached two redacted sessions logs for both the unsuccessful and successful connection attempt. I can also provide further information about server & client config if needed.