I get the following error when trying to connect to a particular FTP server on port 990.
Using Implicit SSL ImplicitSsl: 1 AuthTls: 0 AuthSsl: 0 ftpConnect: Hostname: ftps.xyz.com Port: 990 Connecting via SSL/TLS IdleTimeoutMs: 10000 socket2Connect: connect2: connectImplicitSsl: clientHandshake: clientHandshake2: readHandshakeMessages: sockRecv: Socket operation timeout. Failed to read TLS record (2) tlsRec_msg: 155 msgLen: 8226 nReadNBytes: 155 status: 0 --readHandshakeMessages --clientHandshake2 --clientHandshake Client handshake failed. (3) --connectImplicitSsl ConnectFailReason: 103 --connect2 --socket2Connect ConnectFailReason: 103 --ftpConnect Failed to connect to FTP server.
asked Sep 27 '16 at 08:11
This was caused by the FTP server being configured for explicit SSL/TLS on port 990.
Port 990 is customarily the implicit SSL/TLS port for FTP. Implicit SSL/TLS is such that when the TCP connection is made, the TLS handshake immediately begins. Both sides, client and server, must be expecting this to occur. Otherwise one side would be "talking" the TLS handshake while the other was not (and a timeout would occur).
Explicit SSL/TLS is different. It's when TCP connection is made initially, and then later via an FTP command, the TLS handshake occurs to convert the connection to a secure channel.
Programmers often get confused by the Ftp2.Ssl and Ftp2.AuthTls properties, and often set them incorrectly. The "Ssl" property indicates implicit SSL/TLS, whereas the AuthTls property indicates explicit SSL/TLS. The AutoFix property, turned on by default, automatically fixes the problem when the programmer sets AuthTls = true for port 990. However, if some FTP administrator, not aware of the standard conventions for particular port numbers, configures the FTP server such that port 990 is for explicit TLS, then AutoFix=true will cause a problem. The solution is to set AutoFix=false, and then set AuthTls = true for port 990 (but only for the case where the FTP administrator, in my opinion, made the very poor choice of using port 990 w/ explicit TLS).
answered Sep 27 '16 at 08:36