Unable to connect to ftps

Advertisement

Rajnesh
Joined:
Posts:
2
Location:
India

Unable to connect to ftps

Hi,

The same FTPS connection works fine with FileZilla (However it fails with wincp).
Encryption : TLS Explicit connection

It seems that we are missing appropriate ciphers that can be used with winscp
Logs :-
---------------------------------------------------
. 2013-03-22 05:28:44.429 --------------------------------------------------------------------------
. 2013-03-22 05:28:44.429 WinSCP Version 5.1.3 (Build 2881) (OS 5.1.2600 Service Pack 3)
. 2013-03-22 05:28:44.429 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-03-22 05:28:44.429 Local account: HOME\Administrator
. 2013-03-22 05:28:44.429 Working directory: C:\Documents and Settings\Administrator.HOME\Desktop
. 2013-03-22 05:28:44.429 Command-line: "C:\Program Files\WinSCP\WinSCP.exe"
. 2013-03-22 05:28:44.429 Time zone: Current: GMT+0, Standard: GMT+0, DST: GMT+1, DST Start: 3/31/2013, DST End: 10/27/2013
. 2013-03-22 05:28:44.429 Login time: Friday, March 22, 2013 5:28:44 AM
. 2013-03-22 05:28:44.429 --------------------------------------------------------------------------
. 2013-03-22 05:28:44.429 Session name: rsiwal@172.31.240.29 (Modified stored session)
. 2013-03-22 05:28:44.429 Host name: 172.31.240.29 (Port: 21)
. 2013-03-22 05:28:44.429 User name: rsiwal (Password: Yes, Key file: No)
. 2013-03-22 05:28:44.429 Tunnel: No
. 2013-03-22 05:28:44.429 Transfer Protocol: FTP
. 2013-03-22 05:28:44.429 Ping type: C, Ping interval: 30 sec; Timeout: 60 sec
. 2013-03-22 05:28:44.429 Proxy: none
. 2013-03-22 05:28:44.429 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]
. 2013-03-22 05:28:44.429 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-03-22 05:28:44.429 Cache directory changes: Yes, Permanent: Yes
. 2013-03-22 05:28:44.429 DST mode: 1
. 2013-03-22 05:28:44.429 --------------------------------------------------------------------------
. 2013-03-22 05:28:44.429 Session upkeep
. 2013-03-22 05:28:44.510 Connecting to 172.31.240.29 ...
. 2013-03-22 05:28:44.510 m_pSslLayer changed state from 0 to 1
. 2013-03-22 05:28:44.510 m_pSslLayer changed state from 1 to 2
. 2013-03-22 05:28:44.510 m_pSslLayer changed state from 2 to 4
. 2013-03-22 05:28:44.560 Connected with 172.31.240.29, negotiating SSL connection...
< 2013-03-22 05:28:44.560 220 Hello.
> 2013-03-22 05:28:44.560 AUTH TLS
< 2013-03-22 05:28:44.560 234 Proceed with negotiation.
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read server hello A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read server certificate A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read server certificate request A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read server done A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 write client certificate A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 write client key exchange A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 write change cipher spec A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 write finished A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 flush data
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read server session ticket A
. 2013-03-22 05:28:44.560 SSL_connect: SSLv3 read finished A
. 2013-03-22 05:28:44.560 Connection failed.
. 2013-03-22 05:28:44.560 Got reply 1004 to the command 1
* 2013-03-22 05:28:44.620 (EFatal) Connection failed.
* 2013-03-22 05:28:44.620 Connection failed.
* 2013-03-22 05:28:44.620 Proceed with negotiation.
. 2013-03-22 05:28:49.697 Internal error: Connect called while still connected
. 2013-03-22 05:28:49.697 Connection failed.
. 2013-03-22 05:28:49.697 Got reply 3004 to the command 1
* 2013-03-22 05:28:49.747 (EFatal) Connection failed.
* 2013-03-22 05:28:49.747 Internal error: Connect called while still connected
* 2013-03-22 05:28:49.747 Connection failed.
. 2013-03-22 05:28:54.844 Session upkeep
. 2013-03-22 05:28:54.915 Connecting to 172.31.240.29 ...
. 2013-03-22 05:28:54.915 m_pSslLayer changed state from 0 to 1
. 2013-03-22 05:28:54.915 m_pSslLayer changed state from 1 to 2
. 2013-03-22 05:28:54.915 m_pSslLayer changed state from 2 to 4
. 2013-03-22 05:28:54.965 Connected with 172.31.240.29, negotiating SSL connection...
< 2013-03-22 05:28:54.965 220 Hello.
> 2013-03-22 05:28:54.965 AUTH TLS
< 2013-03-22 05:28:54.965 234 Proceed with negotiation.
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read server hello A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read server certificate A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read server certificate request A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read server done A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 write client certificate A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 write client key exchange A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 write change cipher spec A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 write finished A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 flush data
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read server session ticket A
. 2013-03-22 05:28:54.965 SSL_connect: SSLv3 read finished A
. 2013-03-22 05:28:54.965 Connection failed.
. 2013-03-22 05:28:54.965 Got reply 1004 to the command 1
* 2013-03-22 05:28:55.025 (EFatal) Connection failed.
* 2013-03-22 05:28:55.025 Connection failed.
* 2013-03-22 05:28:55.025 Proceed with negotiation.

Reply with quote

Advertisement

Rajnesh
Joined:
Posts:
2
Location:
India

vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
require_ssl_reuse=NO

pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50999

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,390
Location:
Prague, Czechia

Re: Unable to connect to ftps

Thanks for your report.
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.

Reply with quote

Ian Bamforth
Guest

Was there an answer to this?
I am experiencing a similar issue.
All works fine with filezilla, but winscp fails to present the certificate

Here is my log file


. 2013-07-12 07:31:11.524 WinSCP Version 5.1.5 (Build 3261) (OS 5.1.2600 Service Pack 3)
. 2013-07-12 07:31:11.524 Configuration: G:\Portable\File Transfer\WinSCP\WinSCP.ini
. 2013-07-12 07:31:11.524 Local account: !!!
. 2013-07-12 07:31:11.524 Working directory: !!!
. 2013-07-12 07:31:11.524 Process ID: 7072
. 2013-07-12 07:31:11.524 Command-line: !!!
. 2013-07-12 07:31:11.524 Time zone: Current: GMT+1, Standard: GMT+0, DST: GMT+1, DST Start: 31/03/2013, DST End: 27/10/2013
. 2013-07-12 07:31:11.524 Login time: 12 July 2013 07:31:11
. 2013-07-12 07:31:11.524 --------------------------------------------------------------------------
. 2013-07-12 07:31:11.524 Session name: !!!
. 2013-07-12 07:31:11.524 Host name: !!!!
. 2013-07-12 07:31:11.524 User name: !!!!
. 2013-07-12 07:31:11.524 Tunnel: No
. 2013-07-12 07:31:11.524 Transfer Protocol: FTP
. 2013-07-12 07:31:11.524 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-07-12 07:31:11.524 Proxy: none
. 2013-07-12 07:31:11.524 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]
. 2013-07-12 07:31:11.524 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-07-12 07:31:11.524 Cache directory changes: Yes, Permanent: Yes
. 2013-07-12 07:31:11.524 DST mode: 1; Timezone offset: 0h 0m
. 2013-07-12 07:31:11.524 --------------------------------------------------------------------------
. 2013-07-12 07:31:11.524 Session upkeep
. 2013-07-12 07:31:11.602 Connecting to !!!:990 ...
. 2013-07-12 07:31:11.602 m_pSslLayer changed state from 0 to 1
. 2013-07-12 07:31:11.602 m_pSslLayer changed state from 1 to 2
. 2013-07-12 07:31:11.742 m_pSslLayer changed state from 2 to 4
. 2013-07-12 07:31:11.789 Connected with !!!:990, negotiating SSL connection...
< 2013-07-12 07:31:11.961 220 (vsFTPd 2.0.5)
> 2013-07-12 07:31:11.961 AUTH TLS
< 2013-07-12 07:31:12.179 234 Proceed with negotiation.
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 read server hello A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 read server certificate A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 read server certificate request A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 read server done A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 write client certificate A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 write client key exchange A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 write change cipher spec A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 write finished A
. 2013-07-12 07:31:12.414 SSL_connect: SSLv3 flush data
. 2013-07-12 07:31:12.617 SSL_connect: SSLv3 read finished A
. 2013-07-12 07:31:12.617 Connection failed.
. 2013-07-12 07:31:12.632 Got reply 1004 to the command 1
* 2013-07-12 07:31:12.663 (EFatal) Connection failed.
* 2013-07-12 07:31:12.663 Connection failed.
* 2013-07-12 07:31:12.663 Proceed with negotiation.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,390
Location:
Prague, Czechia

Ian Bamforth wrote:

Was there an answer to this?
I am experiencing a similar issue.
All works fine with filezilla, but winscp fails to present the certificate
Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

You will find my address (if you log in) in my forum profile.

Reply with quote

Advertisement

TimL
Guest

Hi,

thanks for WinSCP! I also have a problem to connect to Prodtpd using FTPS. Can you fix it? Filezilla is working well!

. 2013-08-23 02:01:17.001 --------------------------------------------------------------------------
. 2013-08-23 02:01:17.001 WinSCP Version 5.1.7 (Build 3446) (OS 6.0.6002 Service Pack 2)
. 2013-08-23 02:01:17.001 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-08-23 02:01:17.001 Local account: LAPTOP\User
. 2013-08-23 02:01:17.001 Working directory: C:\Program Files\WinSCP
. 2013-08-23 02:01:17.001 Process ID: 7248
. 2013-08-23 02:01:17.001 Command-line: "C:\Program Files\WinSCP\WinSCP.exe" 
. 2013-08-23 02:01:17.001 Time zone: Current: GMT+2, Standard: GMT+1, DST: GMT+2, DST Start: 31.03.2013, DST End: 27.10.2013
. 2013-08-23 02:01:17.001 Login time: Freitag, 23. August 2013 02:01:17
. 2013-08-23 02:01:17.001 --------------------------------------------------------------------------
. 2013-08-23 02:01:17.001 Session name: root@192.168.178.199 (Stored session)
. 2013-08-23 02:01:17.001 Host name: 192.168.178.199 (Port: 21)
. 2013-08-23 02:01:17.001 User name: root (Password: Yes, Key file: No)
. 2013-08-23 02:01:17.001 Tunnel: No
. 2013-08-23 02:01:17.001 Transfer Protocol: FTP
. 2013-08-23 02:01:17.001 Ping type: C, Ping interval: 30 sec; Timeout: 20 sec
. 2013-08-23 02:01:17.001 Proxy: none
. 2013-08-23 02:01:17.001 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: +]; List all: A
. 2013-08-23 02:01:17.001 Session reuse: Yes
. 2013-08-23 02:01:17.001 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-08-23 02:01:17.001 Cache directory changes: Yes, Permanent: Yes
. 2013-08-23 02:01:17.001 DST mode: 1; Timezone offset: 0h 0m
. 2013-08-23 02:01:17.001 --------------------------------------------------------------------------
. 2013-08-23 02:01:17.048 Session upkeep
. 2013-08-23 02:01:17.157 Connecting to 192.168.178.199 ...
. 2013-08-23 02:01:17.157 m_pSslLayer changed state from 0 to 1
. 2013-08-23 02:01:17.157 m_pSslLayer changed state from 1 to 2
. 2013-08-23 02:01:17.157 m_pSslLayer changed state from 2 to 4
. 2013-08-23 02:01:17.220 Connected with 192.168.178.199, negotiating SSL connection...
< 2013-08-23 02:01:17.220 220 ProFTPD 1.3.4a Server (Debian) [192.168.178.199]
> 2013-08-23 02:01:17.220 AUTH SSL
< 2013-08-23 02:01:17.220 234 AUTH SSL successful
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 read server hello A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 read server certificate A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 read server key exchange A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 read server done A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 write client key exchange A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 write change cipher spec A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 write finished A
. 2013-08-23 02:01:17.220 SSL_connect: SSLv3 flush data
. 2013-08-23 02:01:17.266 SSL_connect: SSLv3 read finished A
. 2013-08-23 02:01:17.266 Connection failed.
. 2013-08-23 02:01:17.266 Got reply 1004 to the command 1
* 2013-08-23 02:01:17.282 (EFatal) Connection failed.
* 2013-08-23 02:01:17.282 Connection failed.
* 2013-08-23 02:01:17.282 AUTH SSL successful

Reply with quote

TimL
Joined:
Posts:
2

Thanks for the answer! Of course I can:

. 2013-08-27 21:06:30.929 --------------------------------------------------------------------------
. 2013-08-27 21:06:30.929 WinSCP Version 5.2.3 (Build 3436) (OS 6.0.6002 Service Pack 2)
. 2013-08-27 21:06:30.929 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-08-27 21:06:30.929 Local account: LAPTOP\Tim
. 2013-08-27 21:06:30.929 Working directory: C:\Program Files\WinSCP
. 2013-08-27 21:06:30.929 Process ID: 1744
. 2013-08-27 21:06:30.929 Command-line: "C:\Program Files\WinSCP\WinSCP.exe"
. 2013-08-27 21:06:30.929 Time zone: Current: GMT+2, Standard: GMT+1, DST: GMT+2, DST Start: 31.03.2013, DST End: 27.10.2013
. 2013-08-27 21:06:30.929 Login time: Dienstag, 27. August 2013 21:06:30
. 2013-08-27 21:06:30.929 --------------------------------------------------------------------------
. 2013-08-27 21:06:30.929 Session name: 192.168.178.199 (Modified site)
. 2013-08-27 21:06:30.929 Host name: 192.168.178.199 (Port: 21)
. 2013-08-27 21:06:30.929 User name: root (Password: Yes, Key file: No)
. 2013-08-27 21:06:30.929 Tunnel: No
. 2013-08-27 21:06:30.929 Transfer Protocol: FTP
. 2013-08-27 21:06:30.929 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-08-27 21:06:30.929 Proxy: none
. 2013-08-27 21:06:30.929 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
. 2013-08-27 21:06:30.929 Session reuse: Yes
. 2013-08-27 21:06:30.929 TLS/SSL versions: SSLv2-TLSv1.2
. 2013-08-27 21:06:30.929 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-08-27 21:06:30.929 Cache directory changes: Yes, Permanent: Yes
. 2013-08-27 21:06:30.929 DST mode: 1; Timezone offset: 0h 0m
. 2013-08-27 21:06:30.929 --------------------------------------------------------------------------
. 2013-08-27 21:06:31.022 Connecting to 192.168.178.199 ...
. 2013-08-27 21:06:31.022 TLS layer changed state from unconnected to connecting
. 2013-08-27 21:06:31.022 TLS layer changed state from connecting to connected
. 2013-08-27 21:06:31.085 Connected with 192.168.178.199, negotiating TLS connection...
< 2013-08-27 21:06:31.085 220 ProFTPD 1.3.4a Server (Debian) [192.168.178.199]
> 2013-08-27 21:06:31.085 AUTH TLS
< 2013-08-27 21:06:31.085 234 AUTH TLS successful
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 read server hello A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 read server certificate A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 read server key exchange A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 read server done A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 write client key exchange A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 write change cipher spec A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 write finished A
. 2013-08-27 21:06:31.131 TLS connect: SSLv3 flush data
. 2013-08-27 21:06:31.397 TLS connect: SSLv3 read finished A
. 2013-08-27 21:06:31.397 Connection failed.
. 2013-08-27 21:06:31.397 Got reply 1004 to the command 1
* 2013-08-27 21:06:31.506 (EFatal) Connection failed.
* 2013-08-27 21:06:31.506 Connection failed.
* 2013-08-27 21:06:31.506 AUTH TLS successful
. 2013-08-27 21:06:37.668 Internal error: Connect called while still connected
. 2013-08-27 21:06:37.668 Connection failed.
. 2013-08-27 21:06:37.668 Got reply 3004 to the command 1
* 2013-08-27 21:06:37.730 (EFatal) Connection failed.
* 2013-08-27 21:06:37.730 Internal error: Connect called while still connected
* 2013-08-27 21:06:37.730 Connection failed.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,390
Location:
Prague, Czechia

TimL wrote:

Thanks for the answer! Of course I can: ...
Thanks for the log.
I have sent you an email with a debug version of WinSCP to address you have used to register on this forum.

Reply with quote

Advertisement

You can post new topics in this forum