I get the following error when trying to connect to a particular FTP server on port 990.

    Using Implicit SSL
    ImplicitSsl: 1
    AuthTls: 0
    AuthSsl: 0
    ftpConnect:
      Hostname: ftps.xyz.com
      Port: 990
      Connecting via SSL/TLS
      IdleTimeoutMs: 10000
      socket2Connect:
        connect2:
          connectImplicitSsl:
            clientHandshake:
              clientHandshake2:
                readHandshakeMessages:
                  sockRecv: Socket operation timeout.
                  Failed to read TLS record (2)
                  tlsRec_msg: 155
                  msgLen: 8226
                  nReadNBytes: 155
                  status: 0
                --readHandshakeMessages
              --clientHandshake2
            --clientHandshake
            Client handshake failed. (3)
          --connectImplicitSsl
          ConnectFailReason: 103
        --connect2
      --socket2Connect
      ConnectFailReason: 103
    --ftpConnect
    Failed to connect to FTP server.

asked Sep 27 at 08:11

chilkat ♦♦

This was caused by the FTP server being configured for explicit SSL/TLS on port 990.

Port 990 is customarily the implicit SSL/TLS port for FTP. Implicit SSL/TLS is such that when the TCP connection is made, the TLS handshake immediately begins. Both sides, client and server, must be expecting this to occur. Otherwise one side would be "talking" the TLS handshake while the other was not (and a timeout would occur).

Explicit SSL/TLS is different. It's when the TCP connection is made initially, and then later, via an FTP command, the TLS handshake occurs to convert the connection to a secure channel.

Programmers often get confused by the Ftp2.Ssl and Ftp2.AuthTls properties, and often set them incorrectly. The "Ssl" property indicates implicit SSL/TLS, whereas the AuthTls property indicates explicit SSL/TLS. The AutoFix property, turned on by default, automatically fixes the problem when the programmer sets AuthTls = true for port 990. However, if some FTP administrator, not aware of the standard conventions for particular port numbers, configures the FTP server such that port 990 is for explicit TLS, then AutoFix=true will cause a problem. The solution is to set AutoFix=false, and then set AuthTls = true for port 990 (but only for the case where the FTP administrator, in my opinion, made the very poor choice of using port 990 w/ explicit TLS).

answered Sep 27 at 08:36

chilkat ♦♦
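
A way to check which mode a port actually expects before choosing between the Ssl and AuthTls properties, as an added example that is not part of the original answer or Chilkat's code: the probe waits for a cleartext 220 greeting and then sends AUTH TLS. The names `probe_ftps_mode`, `read_reply` and `fake_server`, the timeouts and the local test servers are constructed for illustration, and treating silence after connect as implicit TLS is a heuristic assumption.

```python
import socket
import threading

def read_reply(f):
    """Read one FTP reply (possibly multi-line); return its 3-digit code."""
    while True:
        line = f.readline()
        if not line:
            return ""
        # The final line of a reply is "NNN<space>text"; "NNN-" continues.
        if line[:3].isdigit() and line[3:4] == b" ":
            return line[:3].decode()

def probe_ftps_mode(host, port, timeout=3.0):
    """Return 'implicit', 'explicit', 'plain' or 'unknown' for an FTP port."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        try:
            if read_reply(f) != "220":
                return "unknown"
        except socket.timeout:
            # No cleartext greeting: the server is likely waiting for a ClientHello.
            return "implicit"
        s.sendall(b"AUTH TLS\r\n")
        try:
            return "explicit" if read_reply(f) == "234" else "plain"
        except socket.timeout:
            return "unknown"

def fake_server(greeting):
    """Constructed local test server; greeting=None stays silent like implicit TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
                conn.recv(64)                      # the client's AUTH TLS
                conn.sendall(b"234 AUTH TLS OK\r\n")
            else:
                conn.recv(64)                      # say nothing until the client leaves
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_ftps_mode("127.0.0.1", fake_server(b"220-hi\r\n220 ready\r\n"), 0.5))
    print(probe_ftps_mode("127.0.0.1", fake_server(None), 0.5))
```
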

Asked: Sep 27 at 08:11

Seen: 162 times

Last updated: Sep 27 at 08:36