WinSCP 5.1.3 FTPS error- The supplied message is incomplete.

Advertisement

Westenkirchner
Joined:
Posts:
4

WinSCP 5.1.3 FTPS error- The supplied message is incomplete.

I am running the latest version of WinSCP and when I try to connect to IIS 7.5 FTP site using SSL Explict encryption I get an error "The supplied message is incomplete. The signature was not verified."


WinSCP version: 5.1.3(Build 2881)

OS WinSCP is running on - Windows 7

Transfer protocol - FTP
Remote system = Windows_NT
Session protocol = FTP
Compression = No
------------------------------------------------------------
Certificate fingerprint
b3:69:84:a6:39:b1:b7:57:c0:f4:e7:45:11:4e:da:76:fe:0f:9b:ff
------------------------------------------------------------
Can change permissions = Yes
Can change owner/group = No
Can execute arbitrary command = Protocol commands only
Can create symlink/hardlink = No/No
Can lookup user groups = No
Can duplicate remote files = No
Can check available space = No
Can calculate file checksum = No
Native text (ASCII) mode transfers = No
------------------------------------------------------------
Additional information
The server supports these FTP additional features:
LANG EN*
UTF8
AUTH TLS;TLS-C;SSL;TLS-P;
PBSZ
PROT C;P;
CCC
HOST
SIZE
MDTM
REST STREAM

I am using GUI interface in Commander Style

Error Message - Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

Steps- login to site
drag file from my documents to test folder on server
file starts transfer but at the completion stage error appears.
I have options of aborting, retrying, or skipping.

Sever uploading too - Server is Windows 2008 R2 IIS 7.5

LOG:
2013-01-23 14:12:54.540 WinSCP Version 5.1.3 (Build 2881) (OS 6.1.7601 Service Pack 1)
. 2013-01-23 14:12:54.540 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-01-23 14:12:54.541 Local account: Removed for Security
. 2013-01-23 14:12:54.541 Working directory: C:\Downloaded Applications
. 2013-01-23 14:12:54.541 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2013-01-23 14:12:54.541 Time zone: Current: GMT-6, Standard: GMT-6, DST: GMT-5, DST Start: 3/10/2013, DST End: 11/3/2013
. 2013-01-23 14:12:54.541 Login time: Wednesday, January 23, 2013 2:12:54 PM
. 2013-01-23 14:12:54.541 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.541 Session name: (Removed for Security) (Modified stored session)
. 2013-01-23 14:12:54.541 Host name: (Removed for Security)
. 2013-01-23 14:12:54.541 User name: (Removed for Security) (Password: Yes, Key file: No)
. 2013-01-23 14:12:54.541 Tunnel: No
. 2013-01-23 14:12:54.542 Transfer Protocol: FTP
. 2013-01-23 14:12:54.542 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-23 14:12:54.542 Proxy: none
. 2013-01-23 14:12:54.542 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-01-23 14:12:54.542 Local directory: C:\Users\kevinw\Documents, Remote directory: /test, Update: Yes, Cache: Yes
. 2013-01-23 14:12:54.542 Cache directory changes: Yes, Permanent: Yes
. 2013-01-23 14:12:54.542 DST mode: 1
. 2013-01-23 14:12:54.542 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.627 Connecting to (Removed for Security) ...
. 2013-01-23 14:12:54.815 Connected with (Removed for Security), negotiating SSL connection...
< 2013-01-23 14:12:54.815 220 Microsoft FTP Service
> 2013-01-23 14:12:54.815 AUTH SSL
< 2013-01-23 14:12:54.825 234 AUTH command ok. Expecting TLS Negotiation.
. 2013-01-23 14:12:55.069 SSL connection established. Waiting for welcome message...
> 2013-01-23 14:12:55.070 USER (Removed for Security)
< 2013-01-23 14:12:55.111 331 Password required for (Removed for Security).
> 2013-01-23 14:12:55.111 PASS ********
< 2013-01-23 14:12:55.174 230 User logged in.
> 2013-01-23 14:12:55.174 SYST
< 2013-01-23 14:12:55.235 215 Windows_NT
> 2013-01-23 14:12:55.235 FEAT
< 2013-01-23 14:12:55.297 211-Extended features supported:
< 2013-01-23 14:12:55.297 LANG EN*
< 2013-01-23 14:12:55.297 UTF8
< 2013-01-23 14:12:55.297 AUTH TLS;TLS-C;SSL;TLS-P;
< 2013-01-23 14:12:55.297 PBSZ
< 2013-01-23 14:12:55.297 PROT C;P;
< 2013-01-23 14:12:55.297 CCC
< 2013-01-23 14:12:55.297 HOST
< 2013-01-23 14:12:55.297 SIZE
< 2013-01-23 14:12:55.297 MDTM
< 2013-01-23 14:12:55.297 REST STREAM
< 2013-01-23 14:12:55.297 211 END
> 2013-01-23 14:12:55.297 OPTS UTF8 ON
< 2013-01-23 14:12:55.360 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2013-01-23 14:12:55.360 PBSZ 0
< 2013-01-23 14:12:55.422 200 PBSZ command successful.
> 2013-01-23 14:12:55.422 PROT P
< 2013-01-23 14:12:55.485 200 PROT command successful.
. 2013-01-23 14:12:55.525 Connected
. 2013-01-23 14:12:55.525 --------------------------------------------------------------------------
. 2013-01-23 14:12:55.525 Using FTP protocol.
. 2013-01-23 14:12:55.526 Doing startup conversation with host.
> 2013-01-23 14:12:55.581 PWD
< 2013-01-23 14:12:55.643 257 "/" is current directory.
. 2013-01-23 14:12:55.688 Changing directory to "/test".
> 2013-01-23 14:12:55.688 CWD /test
< 2013-01-23 14:12:55.750 250 CWD command successful.
. 2013-01-23 14:12:55.750 Getting current directory name.
> 2013-01-23 14:12:55.750 PWD
< 2013-01-23 14:12:55.812 257 "/test" is current directory.
. 2013-01-23 14:12:55.996 Retrieving directory listing...
> 2013-01-23 14:12:55.996 TYPE A
< 2013-01-23 14:12:55.998 200 Type set to A.
> 2013-01-23 14:12:55.998 PASV
< 2013-01-23 14:12:56.062 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.062 LIST -a
< 2013-01-23 14:12:56.126 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.204 SSL connection established
< 2013-01-23 14:12:56.244 226 Transfer complete.
. 2013-01-23 14:12:56.245 <Empty directory listing>
. 2013-01-23 14:12:56.263 Directory listing successful
. 2013-01-23 14:12:56.324 Retrieving directory listing...
> 2013-01-23 14:12:56.324 TYPE A
< 2013-01-23 14:12:56.326 200 Type set to A.
> 2013-01-23 14:12:56.326 PASV
< 2013-01-23 14:12:56.387 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.387 LIST
< 2013-01-23 14:12:56.457 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.537 SSL connection established
< 2013-01-23 14:12:56.564 226 Transfer complete.
. 2013-01-23 14:12:56.567 <Empty directory listing>
. 2013-01-23 14:12:56.598 Directory listing successful
. 2013-01-23 14:12:56.698 Startup conversation with host finished.
. 2013-01-23 14:12:56.846 Disconnected from server
. 2013-01-23 14:13:02.857 Copying 1 files/directories to remote directory "/test/"
. 2013-01-23 14:13:02.857 PrTime: Yes; PrRO: No; Rght: rw-r--r--; PrR: No (No); FnCs: N; RIC: 0100; Resume: S (102400); CalcS: Yes; Mask: *.*
. 2013-01-23 14:13:02.857 TM: B; ClAr: No; CPS: 0; InclM:
. 2013-01-23 14:13:02.857 AscM: *.*html; *.htm; *.txt; *.php; *.php3; *.cgi; *.c; *.cpp; *.h; *.pas; *.bas; *.tex; *.pl; *.js; .htaccess; *.xtml; *.css; *.cfg; *.ini; *.sh; *.xml
. 2013-01-23 14:13:02.857 File: "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf"
. 2013-01-23 14:13:02.859 Copying "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf" to remote directory started.
. 2013-01-23 14:13:02.859 Binary transfer mode selected.
. 2013-01-23 14:13:02.859 Starting upload of C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf
> 2013-01-23 14:13:02.859 TYPE I
< 2013-01-23 14:13:02.924 200 Type set to I.
> 2013-01-23 14:13:02.924 PASV
< 2013-01-23 14:13:02.988 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:02.989 STOR ChatLog GUI overview_demo 2012_10_02 14_39.rtf
< 2013-01-23 14:13:03.053 150 Opening BINARY mode data connection.
. 2013-01-23 14:13:03.114 SSL connection established
< 2013-01-23 14:13:03.181 550 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.181 Copying files to remote side failed.
* 2013-01-23 14:13:03.182 (ExtException) Copying files to remote side failed.
* 2013-01-23 14:13:03.182 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.182 Asking user:
. 2013-01-23 14:13:03.182 Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'. ("Copying files to remote side failed.","The supplied message is incomplete. The signature was not verified. ")
* 2013-01-23 14:13:04.696 (EScpSkipFile) Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'.
* 2013-01-23 14:13:04.696 Copying files to remote side failed.
* 2013-01-23 14:13:04.696 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:04.697 Retrieving directory listing...
> 2013-01-23 14:13:04.697 TYPE A
< 2013-01-23 14:13:04.759 200 Type set to A.
> 2013-01-23 14:13:04.760 PASV
< 2013-01-23 14:13:04.821 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:04.821 LIST
< 2013-01-23 14:13:04.890 150 Opening ASCII mode data connection.
. 2013-01-23 14:13:04.940 SSL connection established
< 2013-01-23 14:13:05.004 226 Transfer complete.
. 2013-01-23 14:13:05.006 <Empty directory listing>
. 2013-01-23 14:13:05.006 Directory listing successful

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: WinSCP 5.1.3 FTPS error- The supplied message is incomplete.

The error message comes from the server. I have no idea what does it mean.
_________________
Martin Prikryl

Reply with quote

Westenkirchner
Joined:
Posts:
4

It appears to be an issue with WinSCP and a GnuTLS error related to the TLS 1.1 & TLS 1.2 changes that come from IIS prevention of the BEAST attack.

On the server I get "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."

WinSCP and Filezilla both throw the same error but CoreFTP has no problems.

Reply with quote

Westenkirchner
Joined:
Posts:
4

Update:

It appears to be an issues with newer WinSCP clients. I got WinSCP Version 4.3.3 (Build 1340) and connected to the exact same server and it worked perfectly. I guess I am stuck on older versions until a bug is fixed.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Thanks for the details.
Can you attach a complete session log file showing session opening using both 4.3.7 and 5.1.3?

Reply with quote

jskel1
Joined:
Posts:
3
Location:
Texas

are logs still needed?

martin wrote:

Can you please provide me the logs?


I am having the same problem. Do you still need logs?
I can send them to a private address.

Thanks
Jeff

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: are logs still needed?

jskel1 wrote:

I am having the same problem. Do you still need logs?
I can send them to a private address.
Yes please.

Reply with quote

zaza
Joined:
Posts:
2

I have 5.1.3 and am experiencing‎ same problem.
Does upgrading to version 5.1.5 help at all?
I have never done an upgrade and am worried I might lose my saved sessions.

Last edited by zaza on 2013-07-14 10:18; edited 1 time in total

Reply with quote

arencambre
Joined:
Posts:
5

zaza wrote:

I have 5.1.3 and am experiencing‎ same problem.
Does upgrading to version 5.1.5 help at all?
I have never done an upgrade and am worried I might lose my saved sessions.
We had to downgrade to one of the working versions mentioned above. Something broke with a newer version.

Reply with quote

helge
Guest

Same problem with Azure

I have the same problem. WinSCP 5.1.5 says:

Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

This is when I try to copy a file to an Azure FTPS site.

Reply with quote

jskel1
Joined:
Posts:
3
Location:
Texas

next version

martin wrote:

arencambre wrote:

That is a terrible solution as it leaves your vulnerable to attacks like this one: https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack. It is a bad idea to disable newer versions of TLS.
If you read it to the end, you will see that their solution is to disable SSL 2.0, not newer versions of TLS.

So will the next version you publish have ssl 2.0 off by default?

Reply with quote

jskel1
Joined:
Posts:
3
Location:
Texas

Re: are logs still needed?

martin wrote:

jskel1 wrote:

I am having the same problem. Do you still need logs?
I can send them to a private address.
Yes please.

Sorry for the delay.. I sent logs via email.

thanks
Jeff

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: next version

jskel1 wrote:

So will the next version you publish have ssl 2.0 off by default?
If I understand it correctly, it won't help. You need to disable in on server-side. But note that this hack is likely specific to a theirs server only.
Anyway, yes, the next beta release will allow you to configure TLS/SSL version to use.
_________________
Martin Prikryl

Reply with quote

karimelm
Guest

Solved the issue

Hey, i solved the issue by pushing TLS_RSA_WITH_RC4_128_SHA to the top of the chain, and disabling SSL2.0 with IISCrypto 4

Reply with quote

arencambre
Joined:
Posts:
5

Re: Solved the issue

karimelm wrote:

Hey, i solved the issue by pushing TLS_RSA_WITH_RC4_128_SHA to the top of the chain, and disabling SSL2.0 with IISCrypto 4
I feel that this is a workaround, and if IIS is acting according to spec, then clients ought to work correctly with the spec.

Reply with quote

karimelm
Guest

That might be, but a lot of clients dont work with IIS FTPSSL. I've been reading too much about standard this, standard that, and while it might be the case, it didnt help me solve the connection issue.

Btw, I seem not to be able to connect with RDP anymore, not sure if this is what caused it.

Reply with quote

cfreear
Guest

Server 2008?

The MS hotfix is only applicable to Server 2012 though, anyone had any luck with Server 2008 R2? We've tried disabling SSL 2.0 (only have SSL3.0 and TLS 1.0, 1.1 and 1.2 selected)

Reply with quote

djgrazzy
Guest

2008

"anyone had any luck with Server 2008 R2"

The second screen on the download page shows other hotfixes, i have not used these





Windows 7/Windows Server2008 R2 SP1 All (Global) x64 Fix514846
Windows 8.1/Windows Server 2012 R2 All (Global) x64 Fix486154
Windows 8 RTM All (Global) x64 Fix471881

Reply with quote

target
Guest

This is how I solved this

you can do 2 things

1. select WinSCP to use TLS1.0
2. enable on IIS "RC4 128/128" cipher with "IIS Crypto"

both solutions are bad ..

Reply with quote

Advertisement

You can post new topics in this forum