WinSCP transfers fail with Windows Server IIS FTP+TLS

Advertisement

whereisaaron
Joined:
Posts:
2
Location:
Boston, MA

WinSCP transfers fail with Windows Server IIS FTP+TLS

A security patch for Windows Server IIS earlier this year broke FTP+TLS file transfers with WinSCP. Connections and directory listings would work, but file transfers display the error:

"Copying files to remote side failed. The supplied message is incomplete. The signature was not verified."

Trying older and beta versions of WinSCP I have found two workarounds:

1) Use WinSCP version 4.3.3, this is the newest verion that still works.

2) Use WinSCP version 5.2.4 beta, with the new maximum TLS/SSL version setting set to 'TLS 1.0'. This also works.

It appears the Microsoft patch has broken compatibility with TLS 1.1 and TLS 1.2.

The Filezilla client also does not work any more (I tried it). I read that the GNU SSL library does not work with Windows Server IIS FTP+TLS any more either.

I was testing with Windows Server 2012 and IIS 8 with all Windows Update patches as at Oct 2013. I tested only FTP with explicit TLS.

Aaron.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,540
Location:
Prague, Czechia

Re: WinSCP transfers fail with Windows Server IIS FTP+TLS

I was testing this only to find that IIS does not support TLS 1.1 and TLS 1.2 by default. One has to enable this in registry (<invalid hyperlink removed by admin>). They probably know why they do not enable this by default...

Reply with quote

da_chicken
Guest

Just a note for people who find their way here wondering why MS did this.

MS intentionally disabled TLS 1.1 and 1.2 by default because most browsers didn't have TLS 1.1 or 1.2 enabled, and they wouldn't fall back to TLS 1.0 right. Specifically, Firefox (<invalid hyperlink removed by admin>) didn't enable TLS 1.1 and 1.2 until at least version 24 (August 2013) and in version 23 even if you enabled it it would not fall back to TLS 1.0 from TLS 1.1 or higher. As I recall this wasn't unique behavior for Firefox, either.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
29,540
Location:
Prague, Czechia

Re: WinSCP transfers fail with Windows Server IIS FTP+TLS

Thanks for sharing the information.

Also see "FIX: "The supplied message is incomplete" error when you use an FTPS client to upload a file in Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2":
https://support.microsoft.com/en-us/help/2888853/fix-the-supplied-message-is-incomplete-error-when-you-use-an-ftps-clie

Reply with quote

Advertisement

You can post new topics in this forum