SSL3 alert write: fatal: handshake failure
Hello
I have this FTPS issue handshake failure (SSL3 alert write: fatal: handshake failure) when upgrading from v5.11.1 to v6.3.6. There aren't much options to set. I combed thru all the support threads and couldn't resolve this issue. TLS option is set to v1.1-v1.2. Plz suggest a solution ... Many thanks
Logs of bad connection with v6.3.6 .....
Logs of good connection with v5.11.1 ...
I have this FTPS issue handshake failure (SSL3 alert write: fatal: handshake failure) when upgrading from v5.11.1 to v6.3.6. There aren't much options to set. I combed thru all the support threads and couldn't resolve this issue. TLS option is set to v1.1-v1.2. Plz suggest a solution ... Many thanks
Logs of bad connection with v6.3.6 .....
. 2025-03-12 16:45:57.462 -------------------------------------------------------------------------- . 2025-03-12 16:45:57.463 WinSCP Version 6.3.6 (Build 15073 2024-11-25) (OS 10.0.19045 – Windows 10 Enterprise) . 2025-03-12 16:45:57.464 Configuration: P:\WinSCP_6_3_6\WinSCP.ini . 2025-03-12 16:45:57.465 Log level: Debug 2 . 2025-03-12 16:45:57.465 Local account: xxxx\yyyy . 2025-03-12 16:45:57.465 Working directory: P:\WinSCP_6_3_6 . 2025-03-12 16:45:57.465 Process ID: 17868 . 2025-03-12 16:45:57.480 Ancestor processes: explorer, ... . 2025-03-12 16:45:57.484 Command-line: "P:\WinSCP_6_3_6\WinSCP.exe" . 2025-03-12 16:45:57.485 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/9/2025, DST End: 11/2/2025 . 2025-03-12 16:45:57.485 Login time: Wednesday, March 12, 2025 4:45:57 PM . 2025-03-12 16:45:57.485 -------------------------------------------------------------------------- . 2025-03-12 16:45:57.485 Session name: xxxx (Modified site) . 2025-03-12 16:45:57.485 Host name: yyyyyy (Port: 2122) . 2025-03-12 16:45:57.485 User name: zzzzz (Password: Yes, Key file: No, Passphrase: No) . 2025-03-12 16:45:57.485 Transfer Protocol: FTP . 2025-03-12 16:45:57.485 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec . 2025-03-12 16:45:57.485 Disable Nagle: No . 2025-03-12 16:45:57.485 Proxy: None . 2025-03-12 16:45:57.485 Send buffer: 262144 . 2025-03-12 16:45:57.485 UTF: Auto . 2025-03-12 16:45:57.485 FTPS: Explicit TLS/SSL [Client certificate: No] . 2025-03-12 16:45:57.485 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto . 2025-03-12 16:45:57.485 Session reuse: Yes . 2025-03-12 16:45:57.485 TLS/SSL versions: TLSv1.1-TLSv1.2 . 2025-03-12 16:45:57.485 Local directory: C:\, Remote directory: /, Update: Yes, Cache: Yes . 2025-03-12 16:45:57.485 Cache directory changes: Yes, Permanent: Yes . 2025-03-12 16:45:57.485 Recycle bin: Delete to: No, Overwritten to: No, Bin path: . 2025-03-12 16:45:57.485 Timezone offset: 0h 0m . 2025-03-12 16:45:57.485 -------------------------------------------------------------------------- . 2025-03-12 16:45:57.517 Session upkeep . 2025-03-12 16:45:57.560 Connecting to yyyyyy:2122 ... . 2025-03-12 16:45:57.560 Connected . 2025-03-12 16:45:57.560 TLS layer changed state from unconnected to connecting . 2025-03-12 16:45:57.590 TLS layer changed state from connecting to connected . 2025-03-12 16:45:57.591 Connected with sgapi.scotiabank.ca:2122, negotiating TLS connection... . 2025-03-12 16:45:57.673 Read 84 bytes < 2025-03-12 16:45:57.673 220 yyyyyy FTP Gateway service (Version 2,0,0,25 2025-03-12 7:45:57 PM) Ready. > 2025-03-12 16:45:57.673 AUTH TLS . 2025-03-12 16:45:57.748 Read 37 bytes < 2025-03-12 16:45:57.748 234 TLS Accepted, begin negotiation . 2025-03-12 16:45:57.748 No data to read . 2025-03-12 16:45:57.823 TLS connect: SSLv3/TLS write client hello . 2025-03-12 16:45:57.823 SSL3 alert write: fatal: handshake failure . 2025-03-12 16:45:57.823 error:0A000152:SSL routines::unsafe legacy renegotiation disabled . 2025-03-12 16:45:57.823 unsafe legacy renegotiation disabled . 2025-03-12 16:45:57.823 TLS connect: error in error . 2025-03-12 16:45:57.823 Can't establish TLS connection . 2025-03-12 16:45:57.823 Disconnected from server . 2025-03-12 16:45:57.823 Connection closed . 2025-03-12 16:45:57.823 Connection failed. . 2025-03-12 16:45:57.823 Got reply 1004 to the command 1 * 2025-03-12 16:45:57.892 (EFatal) Connection failed. * 2025-03-12 16:45:57.892 SSL3 alert write: fatal: handshake failure * 2025-03-12 16:45:57.892 unsafe legacy renegotiation disabled * 2025-03-12 16:45:57.892 TLS connect: error in error * 2025-03-12 16:45:57.892 Can't establish TLS connection * 2025-03-12 16:45:57.892 Disconnected from server * 2025-03-12 16:45:57.892 Connection failed.
. 2025-03-12 16:48:14.463 -------------------------------------------------------------------------- . 2025-03-12 16:48:14.464 WinSCP Version 5.11.1 (Build 7725) (OS 10.0.19045 - Windows 10 Enterprise) . 2025-03-12 16:48:14.465 Configuration: P:\WinSCP\WinSCP.ini . 2025-03-12 16:48:14.466 Log level: Debug 2 . 2025-03-12 16:48:14.466 Local account: xxxx\yyyy . 2025-03-12 16:48:14.466 Working directory: P:\WinSCP . 2025-03-12 16:48:14.466 Process ID: 26012 . 2025-03-12 16:48:14.476 Command-line: "P:\WinSCP\WinSCP.exe" . 2025-03-12 16:48:14.477 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/9/2025, DST End: 11/2/2025 . 2025-03-12 16:48:14.477 Login time: Wednesday, March 12, 2025 4:48:14 PM . 2025-03-12 16:48:14.477 -------------------------------------------------------------------------- . 2025-03-12 16:48:14.477 Session name: xxxx (Modified site) . 2025-03-12 16:48:14.477 Host name: yyyyyy (Port: 2122) . 2025-03-12 16:48:14.477 User name: zzzzz (Password: Yes, Key file: No, Passphrase: No) . 2025-03-12 16:48:14.477 Transfer Protocol: FTP . 2025-03-12 16:48:14.477 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec . 2025-03-12 16:48:14.477 Disable Nagle: No . 2025-03-12 16:48:14.477 Proxy: None . 2025-03-12 16:48:14.477 Send buffer: 262144 . 2025-03-12 16:48:14.477 UTF: Auto . 2025-03-12 16:48:14.477 FTPS: Explicit TLS/SSL [Client certificate: No] . 2025-03-12 16:48:14.477 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto . 2025-03-12 16:48:14.477 Session reuse: Yes . 2025-03-12 16:48:14.477 TLS/SSL versions: TLSv1.0-TLSv1.2 . 2025-03-12 16:48:14.477 Local directory: C:\, Remote directory: /Sent, Update: Yes, Cache: Yes . 2025-03-12 16:48:14.477 Cache directory changes: Yes, Permanent: Yes . 2025-03-12 16:48:14.478 Recycle bin: Delete to: No, Overwritten to: No, Bin path: . 2025-03-12 16:48:14.478 Timezone offset: 0h 0m . 2025-03-12 16:48:14.478 -------------------------------------------------------------------------- . 2025-03-12 16:48:14.538 Session upkeep . 2025-03-12 16:48:14.607 Connecting to yyyyyy:2122 ... . 2025-03-12 16:48:14.607 TLS layer changed state from unconnected to connecting . 2025-03-12 16:48:14.617 TLS layer changed state from connecting to connected . 2025-03-12 16:48:14.619 Connected with yyyyyy:2122, negotiating TLS connection... < 2025-03-12 16:48:14.703 220 yyyyyy FTP Gateway service (Version 2,0,0,25 2025-03-12 7:48:14 PM) Ready. > 2025-03-12 16:48:14.703 AUTH TLS < 2025-03-12 16:48:14.776 234 TLS Accepted, begin negotiation . 2025-03-12 16:48:15.242 TLS connect: SSLv3 read server hello A . 2025-03-12 16:48:15.249 TLS connect: SSLv3 read server certificate A . 2025-03-12 16:48:15.262 TLS connect: SSLv3 read server key exchange A . 2025-03-12 16:48:15.263 TLS connect: SSLv3 read server done A . 2025-03-12 16:48:15.269 TLS connect: SSLv3 write client key exchange A . 2025-03-12 16:48:15.274 TLS connect: SSLv3 write change cipher spec A . 2025-03-12 16:48:15.274 TLS connect: SSLv3 write finished A . 2025-03-12 16:48:15.274 TLS connect: SSLv3 flush data . 2025-03-12 16:48:15.348 TLS connect: SSLv3 read finished A . 2025-03-12 16:48:15.349 Verifying certificate for "yyyyyy" with fingerprint zzzz and 20 failures . 2025-03-12 16:48:15.349 Certificate common name "yyyyyy" matches hostname . 2025-03-12 16:48:15.402 Certificate verified against Windows certificate store . 2025-03-12 16:48:15.403 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES128-SHA256, 2048 bit RSA, ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 . 2025-03-12 16:48:15.403 Session upkeep . 2025-03-12 16:48:15.428 TLS connection established. Waiting for welcome message... > 2025-03-12 16:48:15.428 USER zzzzz < 2025-03-12 16:48:15.855 331 Password required for JOTASADPWL. > 2025-03-12 16:48:15.855 PASS ******** < 2025-03-12 16:48:16.410 230 User zzzzz logged in. > 2025-03-12 16:48:16.410 SYST . 2025-03-12 16:48:16.913 The server is probably running Windows, assuming that directory listing timestamps are affected by DST. < 2025-03-12 16:48:16.913 215 Windows_NT version 5.0 > 2025-03-12 16:48:16.913 FEAT < 2025-03-12 16:48:17.415 211-Extensions supported < 2025-03-12 16:48:17.416 AUTH TLS < 2025-03-12 16:48:17.416 AUTH SSL < 2025-03-12 16:48:17.416 PBSZ < 2025-03-12 16:48:17.416 PROT < 2025-03-12 16:48:17.416 211 END > 2025-03-12 16:48:17.416 PBSZ 0 < 2025-03-12 16:48:17.919 200 PBSZ 0 successful > 2025-03-12 16:48:17.919 PROT P < 2025-03-12 16:48:18.422 200 Protection set to private . 2025-03-12 16:48:18.422 Session upkeep . 2025-03-12 16:48:18.448 Connected . 2025-03-12 16:48:18.448 Got reply 1 to the command 1 . 2025-03-12 16:48:18.448 -------------------------------------------------------------------------- . 2025-03-12 16:48:18.448 Using FTP protocol. . 2025-03-12 16:48:18.450 Doing startup conversation with host. > 2025-03-12 16:48:18.465 PWD < 2025-03-12 16:48:18.925 257 "/" is current directory. . 2025-03-12 16:48:18.926 Got reply 1 to the command 16 . 2025-03-12 16:48:18.926 Changing directory to "/Sent". > 2025-03-12 16:48:18.926 CWD /Sent < 2025-03-12 16:48:19.429 250 CWD command successful. . 2025-03-12 16:48:19.429 Got reply 1 to the command 16 . 2025-03-12 16:48:19.429 Getting current directory name. > 2025-03-12 16:48:19.429 PWD < 2025-03-12 16:48:19.932 257 "/Sent" is current directory. . 2025-03-12 16:48:19.932 Got reply 1 to the command 16 . 2025-03-12 16:48:19.932 Session upkeep . 2025-03-12 16:48:20.032 Retrieving directory listing... > 2025-03-12 16:48:20.032 TYPE A < 2025-03-12 16:48:20.435 200 Type set to A. > 2025-03-12 16:48:20.437 PASV < 2025-03-12 16:48:20.946 227 Entering Passive Mode (205,210,223,47,7,236) > 2025-03-12 16:48:20.946 LIST -a . 2025-03-12 16:48:20.946 Connecting to 205.210.223.47:2028 ... . 2025-03-12 16:48:21.016 Data connection opened . 2025-03-12 16:48:21.016 Trying reuse main TLS session ID . 2025-03-12 16:48:21.017 TLS layer changed state from none to connected < 2025-03-12 16:48:21.449 150 Opening data connection for LIST. . 2025-03-12 16:48:21.461 Session ID reused . 2025-03-12 16:48:21.461 TLS connect: SSLv3 read server hello A . 2025-03-12 16:48:21.462 TLS connect: SSLv3 read finished A . 2025-03-12 16:48:21.462 TLS connect: SSLv3 write change cipher spec A . 2025-03-12 16:48:21.462 TLS connect: SSLv3 write finished A . 2025-03-12 16:48:21.462 TLS connect: SSLv3 flush data . 2025-03-12 16:48:21.462 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES128-SHA256, 2048 bit RSA, ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 . 2025-03-12 16:48:21.462 Session upkeep . 2025-03-12 16:48:21.486 TLS connection established . 2025-03-12 16:48:21.946 Session upkeep < 2025-03-12 16:48:21.976 226 Transfer complete. . 2025-03-12 16:48:22.155 TLS layer changed state from connected to closed
