OpenSSL SSL_connect: SSL_ERROR_SYSCALL

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

shoutbomb
504 Command not implemented
Posts: 6
Joined: 2018-11-08 18:56
First name: George
Last name: Q

OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#1 Post by shoutbomb » 2018-11-08 20:52

Hello,

A client is using PHP version 7.1.0 to connect to my server running the latest 0.9.60:

$curl = curl_init();
curl_setopt($curl, CURLOPT_USE_SSL, CURLFTPSSL_ALL);
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($curl, CURLOPT_TCP_NODELAY, 0);
curl_setopt($curl, CURLOPT_URL, "ftps://ben:benuiqw#__#wnm@ftp.example.com/");
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_exec($curl);
curl_close ($curl);
fclose($file);

returns the following:

* Hostname ftp.example.com was found in DNS cache
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to ftp.example.com (xxx.xxx.xxx.xxx) port 990 (#0)
* successfully set certificate verify locations:
* CAfile: D:/inetpub/PHP/cacert.pem
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=ftp.example.com; C=US; ST=My State; L=My City; O=example, LLC; OU=example Team; emailAddress=support@example.com
* start date: Apr 28 00:50:06 2018 GMT
* expire date: Apr 28 00:50:06 2019 GMT
* common name: ftp.example.com (matched)
* issuer: CN=ftp.example.com; C=US; ST=My State; L=My City; O=example, LLC; OU=example Team; emailAddress=support@example.com
* SSL certificate verify ok.
< 220 Hello...now where to begin
> USER ben
< 331 Password required for ben
> PASS *************
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to P
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||5086|)
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connecting to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 5086
* Connected to ftp.example.com (xxx.xxx.xxx.xxx) port 990 (#0)
> TYPE A
< 200 Type set to A
> LIST
< 150 Opening data channel for directory listing of "/"
* Maxdownload = -1
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: D:/inetpub/PHP/cacert.pem
CApath: none
* SSL re-using session ID
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.example.com:990
* Closing connection 0

They say that they are not running a proxy and the passive port range (5000 to 5100) is configured in their firewall. Any suggestions would be appreciated.
Last edited by boco on 2018-11-08 21:30, edited 1 time in total.
Reason: Sanitized the post a bit.

botg
Site Admin
Posts: 31605
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#2 Post by botg » 2018-11-08 23:23

This log has been tampered with so much, it's useless. Please post a complete and unmodified log.


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#3 Post by shoutbomb » 2018-11-09 00:22

Am I not able to mask identifiable information?


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#4 Post by shoutbomb » 2018-11-09 00:28

This is the server side log detailing one of the failed attempts to connect. I am only masking the initial portion of the IP address, nothing else is changed:

(009500) 11/8/2018 12:07:27 PM - (not logged in) (xxx.xxx.64.21)> Connected on port 990, sending welcome message...
(009500) 11/8/2018 12:07:27 PM - (not logged in) (xxx.xxx.64.21)> TLS connection established
(009500) 11/8/2018 12:07:27 PM - (not logged in) (xxx.xxx.64.21)> USER uoa
(009500) 11/8/2018 12:07:27 PM - (not logged in) (xxx.xxx.64.21)> 331 Password required for uoa
(009500) 11/8/2018 12:07:27 PM - (not logged in) (xxx.xxx.64.21)> PASS ************
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 230 Logged on
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> PBSZ 0
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 200 PBSZ=0
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> PROT P
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 200 Protection level set to P
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> PWD
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 257 "/" is current directory.
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> EPSV
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 229 Entering Extended Passive Mode (|||5086|)
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> TYPE A
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 200 Type set to A
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> LIST
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 150 Opening data channel for directory listing of "/"
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> 426 Connection closed; aborted transfer of "/"
(009500) 11/8/2018 12:07:27 PM - uoa (xxx.xxx.64.21)> disconnected.


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#5 Post by shoutbomb » 2018-11-09 00:33

This is the client side log detailing the attempt to connect. I am only masking the initial portion of the IP address and the host name, NOTHING else about this log is altered.

* Hostname ftp.blanc.com was found in DNS cache
* Trying xxx.xxx.35.93...
* TCP_NODELAY set
* Connected to ftp.blanc.com (xxx.xxx.35.93) port 990 (#0)
* successfully set certificate verify locations:
* CAfile: D:/inetpub/PHP/cacert.pem
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=ftp.blanc.com; C=US; ST=California; L=San Leandro; O=blanc, LLC; OU=blanc Team; emailAddress=support@blanc.com
* start date: Apr 28 00:50:06 2018 GMT
* expire date: Apr 28 00:50:06 2019 GMT
* common name: ftp.blanc.com (matched)
* issuer: CN=ftp.blanc.com; C=US; ST=California; L=San Leandro; O=blanc, LLC; OU=blanc Team; emailAddress=support@blanc.com
* SSL certificate verify ok.
< 220 Hello...now where to begin
> USER uoa
< 331 Password required for uoa
> PASS *******
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to P
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||5086|)
* Trying xxx.xxx.35.93...
* TCP_NODELAY set
* Connecting to xxx.xxx.35.93 (xxx.xxx.35.93) port 5086
* Connected to ftp.blanc.com (xxx.xxx.35.93) port 990 (#0)
> TYPE A
< 200 Type set to A
> LIST
< 150 Opening data channel for directory listing of "/"
* Maxdownload = -1
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: D:/inetpub/PHP/cacert.pem
CApath: none
* SSL re-using session ID
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.blanc.com:990
* Closing connection 0


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#6 Post by shoutbomb » 2018-11-09 00:37

This is the php used by the client to connect. I am only masking out their password and the ftp server, nothing else is altered.

$curl = curl_init();
curl_setopt($curl, CURLOPT_USE_SSL, CURLFTPSSL_ALL);
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($curl, CURLOPT_TCP_NODELAY, 0);
curl_setopt($curl, CURLOPT_URL, "ftps://uoa:uoa*******@ftp.blanc.com/");
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_exec($curl);
curl_close ($curl);
fclose($file);


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#7 Post by botg » 2018-11-09 08:02

< 229 Entering Extended Passive Mode (|||5086|)
[..]
* Connecting to xxx.xxx.35.93 (xxx.xxx.35.93) port 5086
* Connected to ftp.blanc.com (xxx.xxx.35.93) port 990 (#0)
[...]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.blanc.com:990

Looks like your client forgets which port it is supposed to connect to.

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);

That completely disables security, you could just as well post your password on Twitter.
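
An added example, not code from the thread or from FileZilla: the same FTPS listing with certificate verification left on, trusting the server's self-signed certificate (subject and issuer are identical in the log above) through a PEM file obtained out of band. The function names, the FTPS_* environment variables and the certificate file are assumptions of this example.

```php
<?php
// Added example, not code from the thread. Function names, environment
// variable names and the certificate file are assumptions.

/**
 * Build curl options for an implicit-FTPS listing with verification ON.
 * $caFile: PEM file holding the server's own self-signed certificate.
 */
function ftps_options(string $host, string $user, string $pass, string $caFile): array
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("trust anchor not readable: $caFile");
    }
    return [
        CURLOPT_URL            => "ftps://$host/",
        CURLOPT_USERPWD        => "$user:$pass",  // keeps the password out of the URL
        CURLOPT_USE_SSL        => CURLUSESSL_ALL,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2, // the constant behind the literal 6
        CURLOPT_SSL_VERIFYPEER => true,  // chain must end at a certificate in $caFile
        CURLOPT_SSL_VERIFYHOST => 2,     // certificate name must match $host
        CURLOPT_CAINFO         => $caFile,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 15,
    ];
}

function ftps_list(array $options): string
{
    $curl = curl_init();
    curl_setopt_array($curl, $options);
    $listing = curl_exec($curl);
    if ($listing === false) {
        throw new RuntimeException(sprintf('curl error %d: %s', curl_errno($curl), curl_error($curl)));
    }
    return $listing;
}

// Connects only when the (assumed) environment variables are present.
if (getenv('FTPS_HOST') !== false) {
    echo ftps_list(ftps_options(
        getenv('FTPS_HOST'), getenv('FTPS_USER'),
        getenv('FTPS_PASS'), getenv('FTPS_CA_FILE')
    ));
}
```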


Re: OpenSSL SSL_connect: SSL_ERROR_SYSCALL

#8 Post by shoutbomb » 2018-11-13 13:32

Hello,

Missed that clue and my client confirmed the passive port range was not opened on their firewall. With that corrected, the connection is now working.

Thank you for your time.
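
An added example, not part of any post in this thread: a small triage of a curl verbose FTPS log that separates a control-channel TLS failure from a data-channel one and reports the passive port involved, which is the pattern that led to the firewall fix above. The function name and result layout are assumptions; the sample lines are copied from the client log in post #5 and the range 5000 to 5100 from post #1.

```php
<?php
// Added example, not code from the thread. The function name and the
// returned array shape are assumptions of this example.

/** Triage a curl verbose FTPS log: control-channel vs. data-channel failure. */
function triage_ftps_log(string $log, int $pasvMin, int $pasvMax): array
{
    $r = ['control_tls' => false, 'epsv_port' => null, 'in_range' => null,
          'data_handshake' => false, 'error' => null, 'verdict' => 'no failure found'];
    foreach (preg_split('/\R/', $log) as $line) {
        $line = trim($line);
        if (strpos($line, '* SSL connection using') === 0) {
            $r['control_tls'] = true;              // TLS on the control channel is up
        } elseif (preg_match('/^< 229 .*\(\|\|\|(\d+)\|\)/', $line, $m)) {
            $r['epsv_port'] = (int) $m[1];         // port the server offered via EPSV
            $r['in_range'] = $r['epsv_port'] >= $pasvMin && $r['epsv_port'] <= $pasvMax;
        } elseif (strpos($line, 'handshake on the data stream') !== false) {
            $r['data_handshake'] = true;           // client began TLS on the data socket
        } elseif (preg_match('/SSL_connect: (SSL_ERROR_\w+)/', $line, $m)) {
            $r['error'] = $m[1];
        }
    }
    if ($r['error'] !== null && $r['control_tls'] && $r['data_handshake']) {
        $r['verdict'] = sprintf(
            'control channel OK, data channel to port %s failed (%s): check that '
            . 'the passive range %d-%d is allowed through every firewall on the path',
            $r['epsv_port'] ?? '?', $r['error'], $pasvMin, $pasvMax
        );
    } elseif ($r['error'] !== null) {
        $r['verdict'] = 'TLS failure before any data connection: ' . $r['error'];
    }
    return $r;
}

// Lines copied from the client log in post #5 of this thread.
$sample = <<<'LOG'
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
< 229 Entering Extended Passive Mode (|||5086|)
* Doing the SSL/TLS handshake on the data stream
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ftp.blanc.com:990
LOG;

print_r(triage_ftps_log($sample, 5000, 5100));
```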
