SSL: Error in negotiating SSL connection.

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Cyx
504 Command not implemented
Posts: 6
Joined: 2005-10-07 19:43

#1 Post by Cyx » 2005-10-07 20:28

I have a problem when making SSL connections to the FZ Server with other clients than FZ.

The only changes made to the default configuration are these:
  1) SSL/TLS support is enabled and a certificate is generated.
  2) 1 user ("test") is created, with 1 shared folder (home), containing two directories, download and upload.
When I make an SSL connection (on port 990), the home directory is listed OK, but if I try to change directory, to either one of the two therein, I receive this error (in CuteFTP Pro):
ERROR:> SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
ERROR:> Failed to establish data socket.
Something similar happens in CoreFTP, but not in FileZilla. It also doesn't happen (at all) on non-SSL connections (port 21). During my tests, I've made local connections, but it's the same when other people try to connect to me. There is no router and no firewall.

Here's the complete log from CuteFTP Pro:
STATUS:> Getting listing ""...
STATUS:> Resolving host name localhost...
STATUS:> Host name localhost resolved: ip = 127.0.0.1.
STATUS:> Connecting to FTP server localhost:990 (ip = 127.0.0.1)...
STATUS:> Socket connected. Waiting for welcome message...
STATUS:> Initializing SSL module.
STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 297 ms.
STATUS:> SSL encrypted session established.
220-FileZilla Server version 0.9.10 beta
220-written by Tim Kosse (Tim.Kosse@gmx.de)
220 Please visit http://sourceforge.net/projects/filezilla/
STATUS:> Connected. Authenticating...
COMMAND:> USER test
331 Password required for test
COMMAND:> PASS *****
230 Logged on
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is current directory.
STATUS:> Home directory: /
COMMAND:> FEAT
211-Features:
MDTM
REST STREAM
SIZE
MLST type*;size*;modify*;
211 End
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Rest supported. Restarting at 0
COMMAND:> PBSZ 0
200 PBSZ=0
COMMAND:> PROT P
200 Protection level set to P
COMMAND:> PASV
227 Entering Passive Mode (127,0,0,1,5,74)
COMMAND:> LIST
STATUS:> Connecting FTP data socket 127.0.0.1:1354...
150 Connection accepted
STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 31 ms.
STATUS:> SSL encrypted session established.
226 Transfer OK
STATUS:> Directory listing completed.
STATUS:> Getting listing "/download"...
COMMAND:> CWD /download
250 CWD successful. "/download" is current directory.
STATUS:> PWD skipped. Current folder: "/download".
COMMAND:> PASV
227 Entering Passive Mode (127,0,0,1,5,76)
COMMAND:> LIST
STATUS:> Connecting FTP data socket 127.0.0.1:1356...
150 Connection accepted
STATUS:> Connected. Exchanging encryption keys...
ERROR:> SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
ERROR:> Failed to establish data socket.
226 Transfer OK
COMMAND:> PWD
257 "/download" is current directory.
COMMAND:> PWD
257 "/download" is current directory.
COMMAND:> PASV
227 Entering Passive Mode (127,0,0,1,5,81)
COMMAND:> LIST
STATUS:> Connecting FTP data socket 127.0.0.1:1361...
150 Connection accepted
STATUS:> Connected. Exchanging encryption keys...
ERROR:> SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
ERROR:> Failed to establish data socket.
226 Transfer OK
COMMAND:> REST 0
350 Rest supported. Restarting at 0
ERROR:> Control connection closed.
It doesn't visibly change directory to 'download', though it claims that it "is current directory".

Here's the corresponding log from FZ Server:
(000004) 07-10-2005 21:50:19 - (not logged in) (127.0.0.1)> Connected, sending welcome message...
(000004) 07-10-2005 21:50:19 - (not logged in) (127.0.0.1)> 220-FileZilla Server version 0.9.10 beta
(000004) 07-10-2005 21:50:19 - (not logged in) (127.0.0.1)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000004) 07-10-2005 21:50:19 - (not logged in) (127.0.0.1)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000004) 07-10-2005 21:50:19 - (not logged in) (127.0.0.1)> SSL connection established
(000004) 07-10-2005 21:50:20 - (not logged in) (127.0.0.1)> USER test
(000004) 07-10-2005 21:50:20 - (not logged in) (127.0.0.1)> 331 Password required for test
(000004) 07-10-2005 21:50:20 - (not logged in) (127.0.0.1)> PASS
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 230 Logged on
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> PWD
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 257 "/" is current directory.
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> FEAT
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 211-Features:
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> MDTM
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> REST STREAM
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> SIZE
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> MLST type*;size*;modify*;
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 211 End
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> REST 0
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 350 Rest supported. Restarting at 0
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> PBSZ 0
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 200 PBSZ=0
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> PROT P
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 200 Protection level set to P
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> PASV
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,5,74)
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> LIST
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 150 Connection accepted
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> SSL connection for data connection established
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 226 Transfer OK
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> CWD /download
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 250 CWD successful. "/download" is current directory.
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> PASV
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,5,76)
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> LIST
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 150 Connection accepted
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 226 Transfer OK
(000004) 07-10-2005 21:50:54 - test (127.0.0.1)> PWD
(000004) 07-10-2005 21:50:54 - test (127.0.0.1)> 257 "/download" is current directory.
(000004) 07-10-2005 21:51:19 - test (127.0.0.1)> PWD
(000004) 07-10-2005 21:51:19 - test (127.0.0.1)> 257 "/download" is current directory.
(000004) 07-10-2005 21:51:38 - test (127.0.0.1)> PASV

(000004) 07-10-2005 21:51:38 - test (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,5,81)
(000004) 07-10-2005 21:51:38 - test (127.0.0.1)> LIST
(000004) 07-10-2005 21:51:38 - test (127.0.0.1)> 150 Connection accepted
(000004) 07-10-2005 21:51:38 - test (127.0.0.1)> 226 Transfer OK
(000004) 07-10-2005 21:52:02 - test (127.0.0.1)> REST 0
(000004) 07-10-2005 21:52:02 - test (127.0.0.1)> 350 Rest supported. Restarting at 0
(000004) 07-10-2005 21:52:21 - test (127.0.0.1)> 421 No-transfer-time exceeded. Closing control connection.
(000004) 07-10-2005 21:52:21 - test (127.0.0.1)> disconnected.
Any ideas?
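
A log check for the situation in the post above, as an added example that is not part of the original post and not FileZilla code: it pairs each 150/226 transfer in the server log with the "SSL connection for data connection established" line and flags transfers reported complete under PROT P without it. The function name, the record fields and the default protection level of C before any PROT reply are assumptions of this sketch.

```python
import re

# Abridged from the FileZilla Server log in the post above (server replies only).
SAMPLE_LOG = """\
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 200 Protection level set to P
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,5,74)
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 150 Connection accepted
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> SSL connection for data connection established
(000004) 07-10-2005 21:50:20 - test (127.0.0.1)> 226 Transfer OK
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,5,76)
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 150 Connection accepted
(000004) 07-10-2005 21:50:24 - test (127.0.0.1)> 226 Transfer OK
"""

LINE = re.compile(r"^\((\d+)\) (\S+ \S+) - (.+?) \(([\d.]+)\)> (.*)$")
PROT = re.compile(r"^200 Protection level set to (\w)")
PASV = re.compile(r"^227 .*\((?:\d+,){4}(\d+),(\d+)\)")
DATA_TLS = "SSL connection for data connection established"

def audit_data_channels(log_text):
    """Return one record per completed transfer, tracked per session id."""
    sessions, transfers = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        sid, when, _user, _peer, msg = m.groups()
        # Assumption: protection level is C (clear) until a PROT reply is seen.
        s = sessions.setdefault(sid, {"prot": "C", "port": None, "open": False, "tls": False})
        if (p := PROT.match(msg)):
            s["prot"] = p.group(1)
        elif (p := PASV.match(msg)):
            # The last two numbers of the 227 reply encode the port: p1*256 + p2.
            s["port"] = int(p.group(1)) * 256 + int(p.group(2))
        elif msg.startswith("150 "):
            s["open"], s["tls"] = True, False
        elif msg == DATA_TLS:
            s["tls"] = True
        elif msg.startswith("226 ") and s["open"]:
            transfers.append({"session": sid, "time": when, "port": s["port"],
                              "prot": s["prot"], "data_tls": s["tls"],
                              # PROT P means the data channel must be TLS-protected (RFC 4217).
                              "flag": s["prot"] == "P" and not s["tls"]})
            s["open"] = False
    return transfers

if __name__ == "__main__":
    for t in audit_data_channels(SAMPLE_LOG):
        print(t)
```

The decoded ports can be matched against the "Connecting FTP data socket 127.0.0.1:…" lines in the client log to line up both sides of each transfer.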

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#2 Post by botg » 2005-10-08 00:32

In the FZS logs everything looks normal, the SSL connections got established and the directory listing got sent. If listing of home directory works but not of the subdirectory, I think it might be an issue with CuteFTP.

Cyx
504 Command not implemented
Posts: 6
Joined: 2005-10-07 19:43

#3 Post by Cyx » 2005-10-08 08:21

Thank you for your reply, but CoreFTP behaves exactly the same, and gives me this error, when I try to change directory:
SSL/TLS error - 0, SSL error - 5
Error loading directory...
And CuteFTP works with Serv-U. But FlashFXP works with FZ Server. Very weird.

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#4 Post by botg » 2005-10-08 08:54

Too bad CuteFTP, CoreFTP and the likes are not open source. Proprietary programs always cause compatibility problems.

Cyx
504 Command not implemented
Posts: 6
Joined: 2005-10-07 19:43

#5 Post by Cyx » 2005-10-08 11:45

:)

Can you suggest any other open source client (than FileZilla)?

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#6 Post by botg » 2005-10-08 14:08

At least for Windows I don't know any other one.

Cyx
504 Command not implemented
Posts: 6
Joined: 2005-10-07 19:43

#7 Post by Cyx » 2005-10-08 15:17

Update: SmartFTP and WS_FTP work fine with FZ Server as well.

Compatible with FZS: 4: FileZilla, SmartFTP, FlashFXP and WS_FTP.
Incompatible with FZS: 2: CuteFTP and CoreFTP (banning on c...ftp regex?). ;)

I wonder what is meant by "The server could be rejecting your certificate". I know that CuteFTP isn't set up to send a "client certificate".

botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#8 Post by botg » 2005-10-08 16:18

Maybe you should try to contact the C*FTP developers.

Cyx
504 Command not implemented
Posts: 6
Joined: 2005-10-07 19:43

#9 Post by Cyx » 2005-10-08 16:36

Sounds like a good idea, though I'm not sure I want to bother myself.
