SSL3 alert read: fatal: handshake failure

Advertisement

dominion99
Guest

SSL3 alert read: fatal: handshake failure

I am using 5.1.0 and receive the following error.

It is connecting to a webmethod ftp server, but cannot seem to figure out what is wrong, connection can be set up using ws-ftp-pro, so it must be something related in Winscp.


This is the log file:

. 2013-04-16 10:26:14.202 Session name: FTP@someurl.com (Modified stored session)
. 2013-04-16 10:26:14.202 Host name: someurl.com (Port: 5980)
. 2013-04-16 10:26:14.202 User name: FTP (Password: Yes, Key file: No)
. 2013-04-16 10:26:14.202 Tunnel: No
. 2013-04-16 10:26:14.202 Transfer Protocol: FTP
. 2013-04-16 10:26:14.202 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-04-16 10:26:14.202 Proxy: none
. 2013-04-16 10:26:14.202 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-04-16 10:26:14.202 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-04-16 10:26:14.202 Cache directory changes: Yes, Permanent: Yes
. 2013-04-16 10:26:14.202 DST mode: 1
. 2013-04-16 10:26:14.202 --------------------------------------------------------------------------
. 2013-04-16 10:26:14.217 Session upkeep
. 2013-04-16 10:26:14.267 Connecting to someurl.com:5980 ...
. 2013-04-16 10:26:14.268 m_pSslLayer changed state from 0 to 1
. 2013-04-16 10:26:14.268 m_pSslLayer changed state from 1 to 2
. 2013-04-16 10:26:14.439 m_pSslLayer changed state from 2 to 4
. 2013-04-16 10:26:14.453 Connected with someurl.com:5980, negotiating SSL connection...
< 2013-04-16 10:26:15.449 220 someurl.com:5980 FTP server (webMethods Integration Server version 7.1.3.0) ready.
> 2013-04-16 10:26:16.443 AUTH SSL
< 2013-04-16 10:26:16.443 234 AUTH SSL OK.
. 2013-04-16 10:26:16.444 SSL3 alert read: fatal: handshake failure
. 2013-04-16 10:26:16.444 SSL_connect: error in SSLv2/v3 read server hello A
. 2013-04-16 10:26:16.444 Can't establish SSL connection
. 2013-04-16 10:26:16.444 m_pSslLayer changed state from 4 to 5
. 2013-04-16 10:26:16.444 Disconnected from server
. 2013-04-16 10:26:16.444 Connection failed.
. 2013-04-16 10:26:16.444 Got reply 1004 to the command 1
* 2013-04-16 10:26:17.318 (EFatal) Connection failed.
* 2013-04-16 10:26:17.318 SSL3 alert read: fatal: handshake failure
* 2013-04-16 10:26:17.318 SSL_connect: error in SSLv2/v3 read server hello A
* 2013-04-16 10:26:17.318 Can't establish SSL connection
* 2013-04-16 10:26:17.318 Disconnected from server
* 2013-04-16 10:26:17.318 Connection failed.
* 2013-04-16 10:26:17.318 AUTH SSL OK.
. 2013-04-16 10:26:27.444 Session upkeep

Reply with quote

Advertisement

dominion99
Guest

I have tested on the same machine using FileZilla and that is connecting successfully:

Updated the configuration in WinScp to use explicit TLS, here is the new log:
. 2013-04-16 11:12:33.365 Session name: FTP@webbs0071dsm.srvfarm2-eur.dsm-group.com (Modified stored session)
. 2013-04-16 11:12:33.365 Host name: someurl.com (Port: 5980)
. 2013-04-16 11:12:33.365 User name: FTP (Password: Yes, Key file: No)
. 2013-04-16 11:12:33.365 Tunnel: No
. 2013-04-16 11:12:33.365 Transfer Protocol: FTP
. 2013-04-16 11:12:33.365 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-04-16 11:12:33.365 Proxy: none
. 2013-04-16 11:12:33.365 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]
. 2013-04-16 11:12:33.365 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-04-16 11:12:33.365 Cache directory changes: Yes, Permanent: Yes
. 2013-04-16 11:12:33.365 DST mode: 1; Timezone offset: 0h 0m
. 2013-04-16 11:12:33.365 --------------------------------------------------------------------------
. 2013-04-16 11:12:33.365 Session upkeep
. 2013-04-16 11:12:33.443 Connecting to someurl.com:5980 ...
. 2013-04-16 11:12:33.443 m_pSslLayer changed state from 0 to 1
. 2013-04-16 11:12:33.443 m_pSslLayer changed state from 1 to 2
. 2013-04-16 11:12:33.443 m_pSslLayer changed state from 2 to 4
. 2013-04-16 11:12:33.490 Connected with someurl.com:5980, negotiating SSL connection...
< 2013-04-16 11:12:33.490 220 someurl.com:5980 FTP server (webMethods Integration Server version 7.1.3.0) ready.
> 2013-04-16 11:12:33.490 AUTH TLS
< 2013-04-16 11:12:33.490 234 AUTH TLS OK.
. 2013-04-16 11:12:33.490 SSL3 alert read: fatal: handshake failure
. 2013-04-16 11:12:33.490 SSL_connect: error in SSLv2/v3 read server hello A
. 2013-04-16 11:12:33.490 Can't establish SSL connection
. 2013-04-16 11:12:33.490 Disconnected from server
. 2013-04-16 11:12:33.490 Connection failed.
. 2013-04-16 11:12:33.490 Got reply 1004 to the command 1
* 2013-04-16 11:12:33.553 (EFatal) Connection failed.
* 2013-04-16 11:12:33.553 SSL3 alert read: fatal: handshake failure
* 2013-04-16 11:12:33.553 SSL_connect: error in SSLv2/v3 read server hello A
* 2013-04-16 11:12:33.553 Can't establish SSL connection
* 2013-04-16 11:12:33.553 Disconnected from server
* 2013-04-16 11:12:33.553 Connection failed.
* 2013-04-16 11:12:33.553 AUTH TLS OK.

I will try to fetch a log file from FileZilla, i need this working with WinSCP because i am using another tool that connects via WinScp.

Reply with quote

dominion99
Guest

Filezilla log file:

2013-04-16 11:18:14 2288 3 Status: Resolving address of someurl.com
2013-04-16 11:18:14 2288 3 Status: Connecting to x.x.x.x:5980...
2013-04-16 11:18:14 2288 3 Status: Connection established, waiting for welcome message...
2013-04-16 11:18:14 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:14 2288 3 Response: 220 someurl.com:5980 FTP server (webMethods Integration Server version 7.1.3.0) ready.
2013-04-16 11:18:14 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:14 2288 3 Command: AUTH TLS
2013-04-16 11:18:14 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:14 2288 3 Response: 234 AUTH TLS OK.
2013-04-16 11:18:14 2288 3 Status: Initializing TLS...
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::Handshake()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::ContinueHandshake()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::OnSend()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::ContinueHandshake()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::ContinueHandshake()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:14 2288 3 Trace: CTlsSocket::ContinueHandshake()
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::ContinueHandshake()
2013-04-16 11:18:15 2288 3 Trace: TLS Handshake successful
2013-04-16 11:18:15 2288 3 Trace: Cipher: AES-256-CBC, MAC: SHA1
2013-04-16 11:18:15 2288 3 Status: Verifying certificate...
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: USER FTP
2013-04-16 11:18:15 2288 3 Status: TLS/SSL connection established.
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 331 Password required for FTP.
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: PASS ********
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 230 User FTP logged in.
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: SYST
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 215 UNIX Type: L8 Version: webMethods IS FTP version 7.1.3.0
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: FEAT
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 500 'FEAT': command not understood.
2013-04-16 11:18:15 2288 3 Status: Server does not support non-ASCII characters.
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: PBSZ 0
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 200 PBSZ Command successful. (PBSZ=0)
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Command: PROT P
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 200 PROT set to P.
2013-04-16 11:18:15 2288 3 Status: Connected
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-04-16 11:18:15 2288 3 Trace: CControlSocket::ResetOperation(0)
2013-04-16 11:18:15 2288 3 Trace: CFileZillaEnginePrivate::ResetOperation(0)
2013-04-16 11:18:15 2288 3 Trace: Measured latency of 7 ms
2013-04-16 11:18:15 2288 3 Status: Retrieving directory listing...
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::ChangeDirSend()
2013-04-16 11:18:15 2288 3 Command: PWD
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 257 "/" is current directory.
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::ResetOperation(0)
2013-04-16 11:18:15 2288 3 Trace: CControlSocket::ResetOperation(0)
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::ParseSubcommandResult(0)
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::ListSubcommandResult()
2013-04-16 11:18:15 2288 3 Trace: state = 1
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::TransferSend()
2013-04-16 11:18:15 2288 3 Trace: state = 1
2013-04-16 11:18:15 2288 3 Command: TYPE I
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 200 Type set to I.
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-04-16 11:18:15 2288 3 Trace: code = 2
2013-04-16 11:18:15 2288 3 Trace: state = 1
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::TransferSend()
2013-04-16 11:18:15 2288 3 Trace: state = 2
2013-04-16 11:18:15 2288 3 Command: PASV
2013-04-16 11:18:15 2288 3 Trace: CTlsSocket::OnRead()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::OnReceive()
2013-04-16 11:18:15 2288 3 Response: 227 Entering Passive Mode (144,119,161,81,204,33)
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::TransferParseResponse()
2013-04-16 11:18:15 2288 3 Trace: code = 2
2013-04-16 11:18:15 2288 3 Trace: state = 2
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::SendNextCommand()
2013-04-16 11:18:15 2288 3 Trace: CFtpControlSocket::TransferSend()
2013-04-16 11:18:15 2288 3 Trace: state = 4
2013-04-16 11:18:15 2288 3 Command: LIST


Hopefully someone can identify if this is a bug or something incorrectly configured within WinSCP, this drives me crazy.

Reply with quote

dominion99
Guest

I have also used the latest beta 5.2 and imported the site that i have created (and is working in FileZilla) however the same error is thrown, below is that log file from WinScp (now 5.2)

. 2013-04-16 11:30:24.620 Session name: FTP@someurl.com (Stored session)
. 2013-04-16 11:30:24.620 Host name: someurl.com (Port: 5980)
. 2013-04-16 11:30:24.620 User name: FTP (Password: Yes, Key file: No)
. 2013-04-16 11:30:24.620 Tunnel: No
. 2013-04-16 11:30:24.620 Transfer Protocol: FTP
. 2013-04-16 11:30:24.620 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-04-16 11:30:24.620 Proxy: none
. 2013-04-16 11:30:24.620 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]; MLSD: A
. 2013-04-16 11:30:24.620 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-04-16 11:30:24.620 Cache directory changes: Yes, Permanent: Yes
. 2013-04-16 11:30:24.620 DST mode: 1; Timezone offset: 0h 0m
. 2013-04-16 11:30:24.620 --------------------------------------------------------------------------
. 2013-04-16 11:30:24.698 Connecting to someurl.com:5980 ...
. 2013-04-16 11:30:24.698 m_pSslLayer changed state from 0 to 1
. 2013-04-16 11:30:24.698 m_pSslLayer changed state from 1 to 2
. 2013-04-16 11:30:24.698 m_pSslLayer changed state from 2 to 4
. 2013-04-16 11:30:24.745 Connected with someurl.com:5980, negotiating SSL connection...
< 2013-04-16 11:30:24.745 220 someurl.com:5980 FTP server (webMethods Integration Server version 7.1.3.0) ready.
> 2013-04-16 11:30:24.745 AUTH SSL
< 2013-04-16 11:30:24.745 234 AUTH SSL OK.
. 2013-04-16 11:30:24.854 SSL3 alert read: fatal: handshake failure
. 2013-04-16 11:30:24.854 SSL_connect: error in SSLv2/v3 read server hello A
. 2013-04-16 11:30:24.854 Can't establish SSL connection
. 2013-04-16 11:30:24.854 Disconnected from server
. 2013-04-16 11:30:24.854 Connection failed.
. 2013-04-16 11:30:24.854 Got reply 1004 to the command 1
* 2013-04-16 11:30:24.870 (EFatal) Connection failed.
* 2013-04-16 11:30:24.870 SSL3 alert read: fatal: handshake failure
* 2013-04-16 11:30:24.870 SSL_connect: error in SSLv2/v3 read server hello A
* 2013-04-16 11:30:24.870 Can't establish SSL connection
* 2013-04-16 11:30:24.870 Disconnected from server
* 2013-04-16 11:30:24.870 Connection failed.
* 2013-04-16 11:30:24.870 AUTH SSL OK.

Sorry to post all this log information, but i am hoping someone can shed some light on this

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

You will find my address (if you log in) in my forum profile.

Reply with quote

Advertisement

Dominion
Joined:
Posts:
6

Dominion wrote:

I still did not received a debug version, tested the latest beta but the problem still exists, how to proceed?

Seems Martin is ignoring me, another kick for this thread

Reply with quote

Advertisement

You can post new topics in this forum