431 Failed to setup secure session.

Advertisement

akapl
Joined:
Posts:
5
Location:
Czech republc

431 Failed to setup secure session.

Hello, I just changed SSL certificate from SAN certificate to WILDCARD certificate, but now I cannot connect to any of FTPS instances. I'm getting following events in log file.

< 2020-11-30 01:06:33.825 220
> 2020-11-30 01:06:33.825 AUTH TLS
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
> 2020-11-30 01:06:33.825 AUTH SSL
< 2020-11-30 01:06:33.825 431 Failed to setup secure session.
. 2020-11-30 01:06:33.825 Connection failed.
* 2020-11-30 01:06:33.910 (EFatal) Connection failed.
* 2020-11-30 01:06:33.910 Connection failed.
* 2020-11-30 01:06:33.910 Failed to setup secure session.
  • ftpfaktury.preventado.cz.log (11.38 KB, Private file)
Description: Server is behind NAT...

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
35,438
Location:
Prague, Czechia

Re: 431 Failed to setup secure session.

Can you connect with any other FTP client? Can you post a more verbose log file?

Reply with quote

akapl
Joined:
Posts:
5
Location:
Czech republc

Re: 431 Failed to setup secure session.

Hello Martin,
I found that new WILDCARD certificate which I got from customer is using sha384RSA algorithm. I didn't found much relevant informations about algorithms supported by IIS at W2K16 Server, but I think that this can be problem. I compared old SAN certificate, old WILDCARD certificate and new WILDCARD certificate and found only this one significant difference.

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.
  • certs_algorithm.jpg (269.19 KB, Private file)
Description: First connection is with SAN certificate and then connection with new WILDCARD certificate.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
35,438
Location:
Prague, Czechia

Re: 431 Failed to setup secure session.

akapl wrote:

Martin, do you think that encrypt algorithm can be source of the problem? I think, that there is nothing wrong with WinSCP.
Can be, but I do not know.
What does the log show? I see some successful and some failed connections.
Did you try any other FTPS client?

Reply with quote

akapl

Re: 431 Failed to setup secure session.

I tried internal FTP client of Multi Commander with same result.

Successful connections was made with previous SAN Let's Encrypt certificate. Old WILDCARD certificate with sha256RSA works too..

Reply with quote

Advertisement

You can post new topics in this forum