Topic "WinSCP transfers fail with Windows Server IIS FTP+TLS"

Author Message
whereisaaron
[View user's profile]

Joined: 2013-10-19
Posts: 2
Location: Boston, MA
A security patch for Windows Server IIS earlier this year broke FTP+TLS file transfers with WinSCP. Connections and directory listings would work, but file transfers display the error:

"Copying files to remote side failed. The supplied message is incomplete. The signature was not verified."

Trying older and beta versions of WinSCP I have found two workarounds:

1) Use WinSCP version 4.3.3, this is the newest verion that still works.

2) Use WinSCP version 5.2.4 beta, with the new maximum TLS/SSL version setting set to 'TLS 1.0'. This also works.

It appears the Microsoft patch has broken compatibility with TLS 1.1 and TLS 1.2.

The Filezilla client also does not work any more (I tried it). I read that the GNU SSL library does not work with Windows Server IIS FTP+TLS any more either.

I was testing with Windows Server 2012 and IIS 8 with all Windows Update patches as at Oct 2013. I tested only FTP with explicit TLS.

Aaron.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25019
Location: Prague, Czechia
I was testing this only to find that IIS does not support TLS 1.1 and TLS 1.2 by default. One has to enable this in registry (<invalid hyperlink removed by admin>). They probably know why they do not enable this by default...
da_chicken

Guest


Just a note for people who find their way here wondering why MS did this.

MS intentionally disabled TLS 1.1 and 1.2 by default because most browsers didn't have TLS 1.1 or 1.2 enabled, and they wouldn't fall back to TLS 1.0 right. Specifically, Firefox didn't enable TLS 1.1 and 1.2 until at least version 24 (August 2013) and in version 23 even if you enabled it it would not fall back to TLS 1.0 from TLS 1.1 or higher. As I recall this wasn't unique behavior for Firefox, either.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25019
Location: Prague, Czechia
Thanks for sharing the information.

Also see "FIX: "The supplied message is incomplete" error when you use an FTPS client to upload a file in Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2":
https://support.microsoft.com/en-us/kb/2888853
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25019
Location: Prague, Czechia
This has been documented:
https://winscp.net/eng/docs/message_supplied_message_incomplete
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License