SSL_connect: error in SSLv3 read server hello B

connection works with 4.2.9 but after upgrade I cant connect, here is the log:

. 2010-11-11 20:30:00.933 --------------------------------------------------------------------------
. 2010-11-11 20:30:00.933 WinSCP Version 4.3.0 (Build 1029) (OS 5.1.2600 Service Pack 3)
. 2010-11-11 20:30:00.933 Login time: 11. 11. 2010 20:30:00
. 2010-11-11 20:30:00.933 --------------------------------------------------------------------------
. 2010-11-11 20:30:00.933 Session name: -- mysite.com
. 2010-11-11 20:30:00.934 Host name: ftp.mysite.com (Port: 21)
. 2010-11-11 20:30:00.934 User name: myuser (Password: Yes, Key file: No)
. 2010-11-11 20:30:00.934 Tunnel: No
. 2010-11-11 20:30:00.934 Transfer Protocol: FTP
. 2010-11-11 20:30:00.934 Ping type: C, Ping interval: 15 sec; Timeout: 20 sec
. 2010-11-11 20:30:00.934 Proxy: none
. 2010-11-11 20:30:00.934 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2010-11-11 20:30:00.934 Local directory: D:\, Remote directory: /public_html/, Update: Yes, Cache: Yes
. 2010-11-11 20:30:00.934 Cache directory changes: Yes, Permanent: Yes
. 2010-11-11 20:30:00.935 DST mode: 1
. 2010-11-11 20:30:00.935 --------------------------------------------------------------------------
. 2010-11-11 20:30:00.984 Connecting to ftp.mysite.com ...
. 2010-11-11 20:30:00.984 m_pSslLayer changed state from 0 to 1
. 2010-11-11 20:30:00.984 m_pSslLayer changed state from 1 to 2
. 2010-11-11 20:30:00.984 m_pSslLayer changed state from 2 to 4
. 2010-11-11 20:30:00.989 Connected with ftp.mysite.com, negotiating SSL connection...
< 2010-11-11 20:30:01.288 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2010-11-11 20:30:01.288 220-You are user number 6 of 50 allowed.
< 2010-11-11 20:30:01.288 220-Local time is now 14:30. Server port: 21.
< 2010-11-11 20:30:01.289 220-IPv6 connections are also welcome on this server.
< 2010-11-11 20:30:01.289 220 You will be disconnected after 15 minutes of inactivity.
> 2010-11-11 20:30:01.289 AUTH TLS
< 2010-11-11 20:30:01.456 234 AUTH TLS OK.
. 2010-11-11 20:30:03.091 SSL_connect: error in SSLv3 read server hello B
. 2010-11-11 20:30:03.091 Can't establish SSL connection
. 2010-11-11 20:30:03.091 SSL_connect: error in SSLv3 read server hello B
. 2010-11-11 20:30:03.091 Disconnected from server
. 2010-11-11 20:30:03.091 Connection failed.
. 2010-11-11 20:30:03.091 Got reply 1004 to the command 1
* 2010-11-11 20:30:03.098 (ESshFatal) Connection failed.
* 2010-11-11 20:30:03.098 SSL_connect: error in SSLv3 read server hello B
* 2010-11-11 20:30:03.098 Can't establish SSL connection
* 2010-11-11 20:30:03.098 SSL_connect: error in SSLv3 read server hello B
* 2010-11-11 20:30:03.098 Disconnected from server
* 2010-11-11 20:30:03.098 Connection failed.
* 2010-11-11 20:30:03.098 AUTH TLS OK.

Can you post a log file from 4.2.9 as well?

. 2010-11-15 16:37:02.677 --------------------------------------------------------------------------
. 2010-11-15 16:37:02.693 WinSCP Version 4.2.9 (Build 938) (OS 5.1.2600 Service Pack 3)
. 2010-11-15 16:37:02.693 Login time: 15. 11. 2010 16:37:02
. 2010-11-15 16:37:02.693 --------------------------------------------------------------------------
. 2010-11-15 16:37:02.693 Session name: -- mysite.com
. 2010-11-15 16:37:02.693 Host name: ftp.mysite.com (Port: 21)
. 2010-11-15 16:37:02.693 User name: myuser (Password: Yes, Key file: No)
. 2010-11-15 16:37:02.693 Tunnel: No
. 2010-11-15 16:37:02.693 Transfer Protocol: FTP
. 2010-11-15 16:37:02.693 Ping type: C, Ping interval: 15 sec; Timeout: 20 sec
. 2010-11-15 16:37:02.693 Proxy: none
. 2010-11-15 16:37:02.693 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2010-11-15 16:37:02.693 Local directory: D:\, Remote directory: /public_html, Update: Yes, Cache: Yes
. 2010-11-15 16:37:02.693 Cache directory changes: Yes, Permanent: Yes
. 2010-11-15 16:37:02.693 DST mode: 1
. 2010-11-15 16:37:02.693 --------------------------------------------------------------------------
. 2010-11-15 16:37:02.740 Connecting to ftp.mysite.com ...
. 2010-11-15 16:37:02.864 m_pSslLayer changed state from 0 to 1
. 2010-11-15 16:37:02.864 m_pSslLayer changed state from 1 to 2
. 2010-11-15 16:37:02.864 m_pSslLayer changed state from 2 to 4
. 2010-11-15 16:37:02.880 Connected with ftp.mysite.com, negotiating SSL connection...
< 2010-11-15 16:37:03.239 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2010-11-15 16:37:03.239 220-You are user number 6 of 50 allowed.
< 2010-11-15 16:37:03.239 220-Local time is now 10:37. Server port: 21.
< 2010-11-15 16:37:03.239 220-IPv6 connections are also welcome on this server.
< 2010-11-15 16:37:03.239 220 You will be disconnected after 15 minutes of inactivity.
> 2010-11-15 16:37:03.239 AUTH TLS
< 2010-11-15 16:37:03.410 234 AUTH TLS OK.
. 2010-11-15 16:37:04.705 SSL_connect: SSLv3 read server hello A
. 2010-11-15 16:37:04.705 SSL_connect: SSLv3 read server certificate A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 read server key exchange A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 read server done A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 write client key exchange A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 write change cipher spec A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 write finished A
. 2010-11-15 16:37:04.981 SSL_connect: SSLv3 flush data
. 2010-11-15 16:37:05.158 SSL_connect: SSLv3 read finished A
. 2010-11-15 16:37:05.163 Using TLSv1, cipher TLSv1/SSLv3: DHE-RSA-AES256-SHA, 1024 bit RSA
. 2010-11-15 16:37:05.166 SSL connection established. Waiting for welcome message...
> 2010-11-15 16:37:05.166 USER myuser
< 2010-11-15 16:37:05.341 331 User myuser OK. Password required
> 2010-11-15 16:37:05.341 PASS ************
< 2010-11-15 16:37:05.601 230-User myuser has group access to: myuser
< 2010-11-15 16:37:05.808 230 OK. Current restricted directory is /
> 2010-11-15 16:37:05.808 SYST
< 2010-11-15 16:37:05.974 215 UNIX Type: L8
> 2010-11-15 16:37:05.974 FEAT
< 2010-11-15 16:37:06.162 211-Extensions supported:
< 2010-11-15 16:37:06.162 EPRT
< 2010-11-15 16:37:06.162 IDLE
< 2010-11-15 16:37:06.162 MDTM
< 2010-11-15 16:37:06.162 SIZE
< 2010-11-15 16:37:06.162 REST STREAM
< 2010-11-15 16:37:06.162 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
< 2010-11-15 16:37:06.162 MLSD
< 2010-11-15 16:37:06.162 AUTH TLS
< 2010-11-15 16:37:06.162 PBSZ
< 2010-11-15 16:37:06.162 PROT
< 2010-11-15 16:37:06.162 ESTA
< 2010-11-15 16:37:06.162 PASV
< 2010-11-15 16:37:06.162 EPSV
< 2010-11-15 16:37:06.162 SPSV
< 2010-11-15 16:37:06.162 ESTP
< 2010-11-15 16:37:06.364 211 End.
> 2010-11-15 16:37:06.364 PBSZ 0
< 2010-11-15 16:37:06.520 200 PBSZ=0
> 2010-11-15 16:37:06.520 PROT P
< 2010-11-15 16:37:06.723 200 Data protection level set to "private"
. 2010-11-15 16:37:06.739 Connected
. 2010-11-15 16:37:06.739 Got reply 1 to the command 1
. 2010-11-15 16:37:06.739 --------------------------------------------------------------------------
. 2010-11-15 16:37:06.739 Using FTP protocol.
. 2010-11-15 16:37:06.739 Doing startup conversation with host.
> 2010-11-15 16:37:06.739 PWD
< 2010-11-15 16:37:06.926 257 "/" is your current location
. 2010-11-15 16:37:06.926 Got reply 1 to the command 16
. 2010-11-15 16:37:06.926 Changing directory to "/public_html/myfolder".

Hi.
I'm having the same problem. For testing purposes i'm running an isolated LAN with no Firewall/antivirus/anti.. etc.(same result as wan)
I'm using WINSCP Portable to connect to a filezilla server.


WINSCP Portable Log:--------------------------------------------------------------
. 2010-11-18 19:10:28.558 WinSCP Version 4.3.0 (Build 1029) (OS 6.1.7600)
. 2010-11-18 19:10:28.558 Login time: Thursday, 18 de November de 2010 19:10:28
. 2010-11-18 19:10:28.558 --------------------------------------------------------------------------
. 2010-11-18 19:10:28.558 Session name: session
. 2010-11-18 19:10:28.558 Host name: 192.168.2.20 (Port: 21)
. 2010-11-18 19:10:28.558 User name: admin (Password: Yes, Key file: No)
. 2010-11-18 19:10:28.558 Tunnel: No
. 2010-11-18 19:10:28.558 Transfer Protocol: FTP
. 2010-11-18 19:10:28.558 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2010-11-18 19:10:28.558 Proxy: none
. 2010-11-18 19:10:28.558 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2010-11-18 19:10:28.558 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2010-11-18 19:10:28.558 Cache directory changes: Yes, Permanent: Yes
. 2010-11-18 19:10:28.558 DST mode: 1
. 2010-11-18 19:10:28.558 --------------------------------------------------------------------------
. 2010-11-18 19:10:28.621 Connecting to 192.168.2.20 ...
. 2010-11-18 19:10:28.636 Connected with 192.168.2.20, negotiating SSL connection...
< 2010-11-18 19:10:28.636 220 Banner ->ok
> 2010-11-18 19:10:28.636 AUTH TLS
< 2010-11-18 19:10:28.979 234 Using authentication type TLS
. 2010-11-18 19:10:28.979 SSL_connect: error in SSLv3 read server hello B
. 2010-11-18 19:10:28.979 Can't establish SSL connection
. 2010-11-18 19:10:28.979 SSL_connect: error in SSLv3 read server hello B
. 2010-11-18 19:10:28.979 Disconnected from server
. 2010-11-18 19:10:28.979 Connection failed.
* 2010-11-18 19:10:28.995 (ESshFatal) Connection failed.
* 2010-11-18 19:10:28.995 SSL_connect: error in SSLv3 read server hello B
* 2010-11-18 19:10:28.995 Can't establish SSL connection
* 2010-11-18 19:10:28.995 SSL_connect: error in SSLv3 read server hello B
* 2010-11-18 19:10:28.995 Disconnected from server
* 2010-11-18 19:10:28.995 Connection failed.
* 2010-11-18 19:10:28.995 Using authentication type TLS



Filezilla Server Log:
--------------------------------------------------------------------
(000034) 18-11-2010 19:10:28 - (not logged in) (192.168.2.20)> Connected, sending welcome message...
(000034) 18-11-2010 19:10:28 - (not logged in) (192.168.2.20)> AUTH TLS
(000034) 18-11-2010 19:10:28 - (not logged in) (192.168.2.20)> 234 Using authentication type TLS
(000034) 18-11-2010 19:10:39 - (not logged in) (192.168.2.20)> disconnected.

I have sent an email to zombix while ago. No response so far. Can others facing the problem contact me?

I have exactly the same problem with the 31 version.

FTP with explicite TLS is broken now.

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

UmageFan wrote:

I have exactly the same problem with the 31 version.

FTP with explicite TLS is broken now.

Same problem here with 4.3.1 beta. Here's the message:

SSL_connect: error in SSLv3 read server hello B
Can't establish SSL connection
SSL_connect: error in SSLv3 read server hello B
Disconnected from server
Connection failed.
Proceed with negotiation.

The same answer:

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

I send three emails already. never got any debug version :-)

Tls Explicite wrote:

I send three emails already. never got any debug version :-)

What were subjects of your emails?

Hi, any update on this Martin?

Thanks!

Anonymous wrote:

Hi, any update on this Martin?

None yet. Can you send me an email?

I sent you an email with ip, user and pw to reproduce the issue.

Subject of the email : Re: tls ftp problem winscp

PLease let me know when I can shutdown the test server. Thanks :-)

TLS Explicite wrote:

PLease let me know when I can shutdown the test server. Thanks :-)

Will do. Unfortunately I won't have time to test for several days.

any plans to login to my server? It shouldn't take to much of your time. I have to re-image my vps soon.

tls explicite wrote:

any plans to login to my server? It shouldn't take to much of your time. I have to re-image my vps soon.

I would like to do it this weekend. If it is not too late.

ok, ftp server is still up.

This issue has been added to tracker.

Please release a new beta. Many thanks!

:-)

You've hit the ball out the park! Increbdlie!