431 Failed to setup secure session.

Hello, I just changed SSL certificate from SAN certificate to WILDCARD certificate, but now I cannot connect to any of FTPS instances. I'm getting following events in log file.

< 2020-11-30 01:06:33.825 220
> 2020-11-30 01:06:33.825 AUTH TLS
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
> 2020-11-30 01:06:33.825 AUTH SSL
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
. 2020-11-30 01:06:33.825 Connection failed.
* 2020-11-30 01:06:33.910 (EFatal) Connection failed.
* 2020-11-30 01:06:33.910 Connection failed.
* 2020-11-30 01:06:33.910 Failed to setup secure session.

Can you connect with any other FTP client? Can you post a more verbose log file?

Hello Martin,
I found that new WILDCARD certificate which I got from customer is using sha384RSA algorithm. I didn't found much relevant informations about algorithms supported by IIS at W2K16 Server, but I think that this can be problem. I compared old SAN certificate, old WILDCARD certificate and new WILDCARD certificate and found only this one significant difference.

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.

akapl wrote:

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.

Can be, but I do not know.
What does the log show? I see some successful and some failed connections.
Did you try any other FTPS client?

I tried internal FTP client of Multi Commander with same result.

Successful connections was made with previous SAN Let's Encrypt certificate. Old WILDCARD certificate with sha256RSA works too..