Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

matej sk

Re: Cannot connect using Explicit SSL/TLS

matej sk wrote:

I *think* the trouble here is that WinSCP incorrectly sends only part of the SSL/TLS Client Hello when it sees the supposedly-end-of-line character.


Sorry for the report and thank you for your time helping on e-mail.
The packet splitting at the 0x0A character seems to have been caused by my VMware Player with NAT mode networking.
The bug is not in the WinSCP client.
martin

Re: Cannot connect using Explicit SSL/TLS

Thanks for your report.
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.
matej sk

Cannot connect using Explicit SSL/TLS

Hello,

I am having trouble connecting to a FTPS server using WinSCP 5.5.1 (Build 3970), with Explicit TLS/SSL. I have tried all options of the min+max SSL/TLS version setting. The connection goes like this:

220-FileZilla Server version 0.9.41 beta

220-written by Tim Kosse (Tim.Kosse@gmx.de)
220 Please visit http://sourceforge.net/projects/filezilla/
AUTH TLS
234 Using authentication type TLS
(now client sends packet with content X to server)
(client waits for 15 seconds default)
(client sends packet with content Y to server, immediately closes TCP by FIN+ACK)


According to my wireshark debugging:
    X concat Y = Client Hello
    X ends with character hex 0x0A

I *think* the trouble here is that WinSCP incorrectly sends only part of the SSL/TLS Client Hello when it sees the supposedly-end-of-line character.

Do you need any more info?

Thank you for your help.

Edit: Running on Windows 7 Enterprise SP1, 32-bit.
Attached sample packet dump, IP addresses have been anonymized.
Reproducible always.