error in SSLv2/v3 read

Advertisement

Guest

error in SSLv2/v3 read

I can't get WINSCP to connect to a FTP site w/ SSL Explicit encyption.
The server certificate was issued by VeriSign and was fully trusted by the OS by default.

I can get this to work with CuteFTP but everything else I have done is using WinSCP - so I'd like to get it working with that.
I have queried "error in SSLv2/v3 read" but the results bring back no solutions.

Any ideas?


WinSCP Version 4.3.2 (Build 1201) (OS 6.1.7601 Service Pack 1)
< 2011-05-09 17:35:17.838 220 Service ready for new user
> 2011-05-09 17:35:17.838 AUTH SSL
< 2011-05-09 17:35:17.869 234 AUTH Command OK. Initializing SSL connection.
. 2011-05-09 17:35:18.103 SSL3 alert read: fatal: unexpected_message
. 2011-05-09 17:35:18.103 SSL_connect: error in SSLv2/v3 read server hello A
. 2011-05-09 17:35:18.103 Can't establish SSL connection
. 2011-05-09 17:35:18.103 Disconnected from server
. 2011-05-09 17:35:18.104 Connection failed.
. 2011-05-09 17:35:18.104 Got reply 1004 to the command 1
* 2011-05-09 17:35:18.109 (ESshFatal) Connection failed.
* 2011-05-09 17:35:18.109 SSL3 alert read: fatal: unexpected_message
* 2011-05-09 17:35:18.109 SSL_connect: error in SSLv2/v3 read server hello A
* 2011-05-09 17:35:18.109 Can't establish SSL connection
* 2011-05-09 17:35:18.109 Disconnected from server
* 2011-05-09 17:35:18.109 Connection failed.
* 2011-05-09 17:35:18.109 AUTH Command OK. Initializing SSL connection.


CUTEFTP 8.3
----------------------------------
220 Service ready for new user
STATUS:> [5/9/2011 5:16:22 PM] Connected. Authenticating...
COMMAND:> [5/9/2011 5:16:22 PM] AUTH SSL
[5/9/2011 5:16:22 PM] 234 AUTH Command OK. Initializing SSL connection.
STATUS:> [5/9/2011 5:16:22 PM] Establishing SSL session...
STATUS:> [5/9/2011 5:16:22 PM] Connected. Exchanging encryption keys...
STATUS:> [5/9/2011 5:16:22 PM] SSL Connect time: 341 ms.
STATUS:> [5/9/2011 5:16:22 PM] SSL encrypted session established.
COMMAND:> [5/9/2011 5:16:22 PM] PBSZ 0

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: error in SSLv2/v3 read

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

You will find my address (if you log in) in my forum profile.

Reply with quote

mhamberg
Guest

same issue with FTPS SSL_connect error

I am also experiencing the same error in trying to FTPS a file to a remote server. It says "SSL_connect: error in SSLv2/v3 read server hello A"

Did anyone figure out how to resolve this?

Log looks like this:
2011-08-26 15:35:43.785 Transfer Protocol: FTP
. 2011-08-26 15:35:43.785 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2011-08-26 15:35:43.785 Proxy: none
. 2011-08-26 15:35:43.785 FTP: FTPS: Implicit SSL/TLS; Passive: Yes [Force IP: No]
. 2011-08-26 15:35:43.785 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-08-26 15:35:43.785 Cache directory changes: Yes, Permanent: Yes
. 2011-08-26 15:35:43.785 DST mode: 1
. 2011-08-26 15:35:43.785 --------------------------------------------------------------------------
. 2011-08-26 15:35:43.925 Connecting to www.mysite.com ...
. 2011-08-26 15:35:43.957 Connected with www.mysite.com, negotiating SSL connection...
. 2011-08-26 15:35:43.988 SSL_connect: error in SSLv2/v3 read server hello A
. 2011-08-26 15:35:43.988 Can't establish SSL connection
. 2011-08-26 15:35:43.988 Disconnected from server
. 2011-08-26 15:35:43.988 Connection failed.

Reply with quote

mhamberg
Guest

in addition

I should add I can connect just fine with Filezilla and this is my version of WINSCP:

WinSCP Version 4.3.4 (Build 1428) (OS 5.2.3790 Service Pack 2)

Reply with quote

Advertisement

mhamberg
Guest

timing

Any idea when this bug will be fixed? I'd prefer to use WinSCP and not have to buy another FTP program. But I've got to get this up and running in the next two weeks.

Reply with quote

martin
Site Admin
martin avatar

Re: timing

mhamberg wrote:

Any idea when this bug will be fixed? I'd prefer to use WinSCP and not have to buy another FTP program. But I've got to get this up and running in the next two weeks.
I'll focus on it this week.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: update?

mhamberg wrote:

Is this working? Can we get an update?

Thanks for your help!
I've spent yesterday several hours trying to fix it. No luck so far.

Reply with quote

Advertisement

Guest23
Guest

SSL3 alert read: fatal: unexpected_message

Team,

can anyone help in resloving the error which i am getting while connecting to FTPS using WINSCP.

I am not sure that i need to do as i am able to connect using other softwares like IPswitch ws_FTP and cute ftp.

Only not able to work with WINSCP.

Reply with quote

martin
Site Admin
martin avatar

Re: SSL Error

GordyM wrote:

Has an answer been found yet?
If you check the tracker link above, you'll find that the bug has been fixed and will be included into the next release.

Reply with quote

Advertisement

martin
Site Admin
martin avatar

rampike wrote:

I have the same problem - maybe it has something to do with certificates?
Have you tried 5.0.7 beta?

Reply with quote

rampike
Guest

I have just tried 5.0.7 and get the same error. The graphical interface works fine, but /script function gives this error:

. 2012-05-14 12:38:44.843 Connecting to 10.0.0.51 ...
. 2012-05-14 12:38:44.843 Connected with 10.0.0.51, negotiating SSL connection...
. 2012-05-14 12:38:44.859 SSL_connect: error in SSLv2/v3 read server hello A
. 2012-05-14 12:38:44.859 Can't establish SSL connection
. 2012-05-14 12:38:44.859 Disconnected from server
. 2012-05-14 12:38:44.859 Connection failed.

Reply with quote

cyberdem
Joined:
Posts:
2
Location:
USA

error in SSLv2/v3 read

I am getting the same error (error in SSLv2/v3 read). downloaded version 4.3.8.0

Any idea?

I appreciate your great help.

Reply with quote

Advertisement

Pathi
Guest

SSL3 alert write: fatal: bad record mac

Hi Martin,

We are getting thses errors continually. Kindly help me.

Thank you,
pathi
1.
TLS connection established. Waiting for welcome message...
Connection failed.
Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384

Disconnected from server
Connection failed.

2.
Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384

SSL3 alert write: fatal: bad record mac
decryption failed or bad record mac
Disconnected from server
Copying files to remote side failed.
(A)bort, (R)econnect (0 s): Reconnect

3.
Lost connection.
Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384

Disconnected from server
Copying files to remote side failed.
(A)bort, (R)econnect (0 s): Reconnect
Connecting to <IP_of_server> ...
TLS connection established. Waiting for welcome message...

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: SSL3 alert write: fatal: bad record mac

Pathi wrote:

We are getting thses errors continually. Kindly help me.
Please start a new thread for your problem and include a full session log file showing the problem (using the latest version of WinSCP).

To generate the session log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.

Reply with quote

Advertisement

RaduMan
Guest

Re: error in SSLv2/v3 read

martin wrote:

cyberdem wrote:

I am getting the same error (error in SSLv2/v3 read). downloaded version 4.3.8.0
Where did you download 4.3.8 from? It's over 6 years old. Please download the latest version:
https://winscp.net/eng/download.php

TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server
Connection failed.

In the version 5.13.7, downloaded today

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: error in SSLv2/v3 read

RaduMan wrote:

TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server
Connection failed.

In the version 5.13.7, downloaded today
Please start a new thread for your problem. Include a full session log file. And also a log file from any other FTPS client showing a successful connection.

Reply with quote

Advertisement

You can post new topics in this forum