Cannot connect using Explicit SSL/TLS

Advertisement

matej sk
Joined:
Posts:
3

Cannot connect using Explicit SSL/TLS

Hello,

I am having trouble connecting to a FTPS server using WinSCP 5.5.1 (Build 3970), with Explicit TLS/SSL. I have tried all options of the min+max SSL/TLS version setting. The connection goes like this:

220-FileZilla Server version 0.9.41 beta
220-written by Tim Kosse (Tim.Kosse@gmx.de)
220 Please visit http://sourceforge.net/projects/filezilla/
AUTH TLS
234 Using authentication type TLS
(now client sends packet with content X to server)
(client waits for 15 seconds default)
(client sends packet with content Y to server, immediately closes TCP by FIN+ACK)

According to my wireshark debugging:
    X concat Y = Client Hello
    X ends with character hex 0x0A
I *think* the trouble here is that WinSCP incorrectly sends only part of the SSL/TLS Client Hello when it sees the supposedly-end-of-line character.

Do you need any more info?

Thank you for your help.

Edit: Running on Windows 7 Enterprise SP1, 32-bit.
Attached sample packet dump, IP addresses have been anonymized.
Reproducible always.
Description: TLS client timeout packet dump (gzipped due to forum restrictions)

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: Cannot connect using Explicit SSL/TLS

Thanks for your report.
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.

Reply with quote

matej sk
Joined:
Posts:
3

Re: Cannot connect using Explicit SSL/TLS

matej sk wrote:

I *think* the trouble here is that WinSCP incorrectly sends only part of the SSL/TLS Client Hello when it sees the supposedly-end-of-line character.

Sorry for the report and thank you for your time helping on e-mail.
The packet splitting at the 0x0A character seems to have been caused by my VMware Player with NAT mode networking.
The bug is not in the WinSCP client.

Reply with quote

Advertisement

You can post new topics in this forum