FTP TLS Explicit Encryption Problem

donoho

I've spent many days trying to resolve this with info from documentation, forums, and Google at large. I signed up to post my issue downloading a file via FTPS with Explicit TLS Encryption (Data and Control) and encountered an unexpected, different issue.


Successful Connection via CoreFTP GUI, directories/files are visible:

Welcome to Core FTP, release ver 2.2, build 1796 (x64) -- © 2003-2014
WinSock 2.0
Mem -- 8,388,152 KB, Virt -- 137,438,953,344 KB
Started on Wednesday April 30, 2014 at 16:42:PM
Resolving [DNS]...  
Connect socket #820 to [IP], port [PORT]...
220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430164302  
AUTH TLS  
234 Command OK.  
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
USER [USERNAME]  
331 Password required.  
PASS **********  
230 Login successful.  
SYST  
502 SYST command not implemented.  
Keep alive off...
PWD  
257 "/" is current directory  
PBSZ 0  
200 Command OK.  
PROT P  
200 Command OK.  
PASV  
227 Entering Passive Mode ([IP])  
LIST  
Connect socket #864 to [IP], port [PORT]...
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
150 Opening ASCII mode data connection.  
226 Transfer complete.  
Transferred 207 bytes in 0.011 seconds  
CWD /archive  
250 CWD command successful.  
PASV  
227 Entering Passive Mode ([IP])  
LIST  
Connect socket #884 to [IP], port [PORT]...
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES256-SHA) - 256 bit
150 Opening ASCII mode data connection.  
226 Transfer complete.  
Transferred 840 bytes in 0.017 seconds  
QUIT  
221 Goodbye.

Successful Connection via FileZilla GUI, directories/files visible:

FileZilla

16:45:52   Status:   Resolving address of [SITE]
16:45:52   Status:   Connecting to [IP:PORT]...
16:45:52   Status:   Connection established, waiting for welcome message...
16:45:52   Response:   220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430164551
16:45:52   Command:   AUTH TLS
16:45:52   Response:   234 Command OK.
16:45:52   Status:   Initializing TLS...
16:45:52   Status:   Verifying certificate...
16:45:52   Command:   USER [USERNAME]
16:45:52   Status:   TLS/SSL connection established.
16:45:52   Response:   331 Password required.
16:45:52   Command:   PASS **********
16:45:52   Response:   230 Login successful.
16:45:52   Command:   PBSZ 0
16:45:52   Response:   200 Command OK.
16:45:52   Command:   PROT P
16:45:52   Response:   200 Command OK.
16:45:52   Status:   Connected
16:45:52   Status:   Retrieving directory listing...
16:45:52   Command:   CWD /archive
16:45:52   Response:   250 CWD command successful.
16:45:52   Command:   TYPE I
16:45:52   Response:   200 Type set to I.
16:45:52   Command:   PASV
16:45:53   Response:   227 Entering Passive Mode ([IP])
16:45:53   Command:   LIST
16:45:53   Response:   150 Opening BINARY mode data connection.
16:45:53   Response:   226 Transfer complete.
16:45:53   Status:   Directory listing successful

Connection successfully made but directories/files unavailable in GUI

--------------------------------------------------------------------------
WinSCP Version 5.5.3 (Build 4214) (OS 6.3.9600 - Windows Server 2012 R2 Standard)
Time zone: Current: GMT-4, Standard: GMT-5 (Eastern Standard Time), DST: GMT-4 (Eastern Daylight Time), DST Start: 3/9/2014, DST End: 11/2/2014
Login time: Wednesday, April 30, 2014 5:36:41 PM
--------------------------------------------------------------------------
Session name: [NAME] (Modified site)
Host name: [SITE] (Port: [PORT])
User name: [USER] (Password: Yes, Key file: No)
Tunnel: No
Transfer Protocol: FTP
Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
Proxy: none
Send buffer: 262144
FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
Session reuse: Yes
TLS/SSL versions: SSLv3-TLSv1.2
Local directory: default, Remote directory: /inbox/, Update: No, Cache: Yes
Cache directory changes: Yes, Permanent: Yes
DST mode: 1; Timezone offset: 0h 0m
--------------------------------------------------------------------------
Connecting to [SITE:PORT] ...
Connected with [SITE:PORT], negotiating TLS connection...
220 SecurePortal2000 FTP_Mailbox Server Build 3.2 ready. 20140430173641
AUTH TLS
234 Command OK.
Verifying certificate for "[SITE]" with fingerprint [FINGERPRINT]
Certificate for "DB" matches cached fingerprint
Using TLSv1, cipher TLSv1/SSLv3: DHE-RSA-AES256-SHA, 1024 bit RSA
TLS connection established. Waiting for welcome message...
USER [USER]
331 Password required.
PASS ***************
230 Login successful.
SYST
502 SYST command not implemented.
FEAT
550 Syntax error
PBSZ 0
200 Command OK.
PROT P
200 Command OK.
Connected
--------------------------------------------------------------------------
Using FTP protocol.
Doing startup conversation with host.
PWD
257 "/" is current directory
Changing directory to "/inbox/".
CWD /inbox/
250 CWD command successful.
Getting current directory name.
PWD
257 "/inbox" is current directory
Retrieving directory listing...
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (160,83,77,211,240,124)
LIST -a
552 Syntax error.
Could not retrieve directory listing
LIST with -a failed, walling back to pure LIST
Retrieving directory listing...
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (160,83,77,211,240,125)
LIST
150 Opening ASCII mode data connection.
TLS connection established
-r-------- [USER]     [SIZE] [DATE] [FILE]
226 Transfer complete.
Directory listing successful
..;D;0;1899-12-30T05:00:00.000Z;"" [0];"" [0];---------;0
Startup conversation with host finished.

I was pretty amazed to see the log actually list the directories/files, however I still can't 1) see them in the GUI 2) GET them.

Thanks, I hope I've provided enough information.
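An added example, not part of the original post: a short Python check that replays an FTP control-channel transcript like the three above and flags credentials sent before AUTH TLS is accepted, or data commands sent before PROT P is confirmed. The function name and the second, cleartext transcript are constructed for illustration; the first sample is an excerpt of the WinSCP log above.

```python
import re

# Commands that open a data connection and so depend on the PROT level.
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}
# Both regexes accept an optional FileZilla-style "HH:MM:SS   Command:" prefix.
CMD_RE = re.compile(r"^(?:\d\d:\d\d:\d\d\s+Command:\s+)?([A-Z]{3,4})(?:\s+(.*))?$")
REPLY_RE = re.compile(r"^(?:\d\d:\d\d:\d\d\s+Response:\s+)?(\d{3})[ -]")


def audit_ftps_transcript(lines):
    """Flag credentials sent before TLS and data commands sent without PROT P."""
    tls_on = False   # becomes True once the server answers AUTH with 234
    prot = "C"       # RFC 4217: data channel protection defaults to Clear
    last_cmd, last_arg = None, ""
    findings = []
    for raw in lines:
        line = raw.strip()
        reply = REPLY_RE.match(line)
        if reply:
            if last_cmd == "AUTH" and reply.group(1) == "234":
                tls_on = True
            elif last_cmd == "PROT" and reply.group(1) == "200":
                prot = last_arg.upper()
            continue
        cmd = CMD_RE.match(line)
        if not cmd:
            continue  # client status text, TLS notes, listing lines
        last_cmd, last_arg = cmd.group(1), (cmd.group(2) or "").strip()
        if last_cmd in ("USER", "PASS") and not tls_on:
            findings.append(f"{last_cmd} sent before AUTH TLS was accepted")
        elif last_cmd in DATA_CMDS and prot != "P":
            findings.append(f"{last_cmd} sent with data protection level {prot}")
    return findings

# Excerpt of the WinSCP transcript above (placeholders kept as posted).
PAGE_EXCERPT = [
    "AUTH TLS", "234 Command OK.", "USER [USER]", "331 Password required.",
    "PASS ***************", "230 Login successful.", "PBSZ 0", "200 Command OK.",
    "PROT P", "200 Command OK.", "PASV", "LIST -a", "552 Syntax error.",
]
# Constructed counter-example: login in cleartext, no PROT before LIST.
CONSTRUCTED_BAD = [
    "220 ready", "USER demo", "331 Password required.", "PASS demo-pass",
    "230 Login successful.", "AUTH TLS", "234 Command OK.", "LIST",
]

if __name__ == "__main__":
    print(audit_ftps_transcript(PAGE_EXCERPT))
    print(audit_ftps_transcript(CONSTRUCTED_BAD))
```

All three client logs in the post pass this check: AUTH TLS is answered with 234 before USER, and PROT P is acknowledged before the first LIST.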

donoho

Re: FTP TLS Explicit Encryption Problem

martin wrote:

Thanks for your log.

Can you please share an actual (not obfuscated) listing?

Thank you for the follow-up.

Do you need me to share the non-obfuscated listing publicly?

martin
Site Admin

Re: FTP TLS Explicit Encryption Problem

donoho wrote:

Do you need me to share the non-obfuscated listing publicly?
You can mark the attached log as private.

donoho

Re: FTP TLS Explicit Encryption Problem

martin wrote:

donoho wrote:

Do you need me to share the non-obfuscated listing publicly?
You can mark the attached log as private.

Thanks. Will do.

donoho

Re: FTP TLS Explicit Encryption Problem

martin wrote:

donoho wrote:

Do you need me to share the non-obfuscated listing publicly?
You can mark the attached log as private.

Logs attached, thanks.
  • ftp_logs.txt (5.57 KB, Private file)

martin
Site Admin

Re: FTP TLS Explicit Encryption Problem

WinSCP does not support the format of the directory listing used by your server, particularly because of the number between DB2FL and [USER]. More importantly, your server does not support the MLSD command that produces a standardized listing (as opposed to an obsolete LIST command).

donoho

Re: FTP TLS Explicit Encryption Problem

martin wrote:

WinSCP does not support the format of the directory listing used by your server, particularly because of the number between DB2FL and [USER]. More importantly, your server does not support the MLSD command that produces a standardized listing (as opposed to an obsolete LIST command).

Thank you for taking the time to review, it's greatly appreciated.

This is an external server I connect to and have no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?

martin
Site Admin

Re: FTP TLS Explicit Encryption Problem

donoho wrote:

This is an external server I connect to and have no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?
That's unfortunately true.

donoho

Re: FTP TLS Explicit Encryption Problem

martin wrote:

donoho wrote:

This is an external server I connect to and have no input/control over. It sounds like I won't be able to use WinSCP for this task. Is that correct?
That's unfortunately true.

Again, thank you for taking the time to look into this.
