Data Socket Error: Failed TLSv1 negotiation


perhop
08-30-2012, 04:12 AM
Hi

I am trying to connect to a server using FTPS (TLS), but when I do that I get a problem when the data connection is about to be set up. I think the problem is on the server side but I have to prove that to my customer :). Can anyone confirm this by looking at the log below, or have I missed something? Looks like a firewall issue on the server side. Other possible reasons for this error?

[R] Connecting to Customer -> DNS=customer.com IP=1.1.1.1 PORT=990
[R] Connected to Customer
[R] 220 Server ready for new user.
[R] AUTH TLS
[R] 234 Security data exchange complete.
[R] Connected. Negotiating SSL/TLS session
[R] TLSv1 negotiation successful...
[R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)
[R] PBSZ 0
[R] 200 PBSZ command successful.
[R] USER Test
[R] 331 Password required for Test.
[R] PASS (hidden)
[R] 230 User Test logged in.
[R] SYST
[R] 215 UNIX Type: A
[R] FEAT
[R] 211-Extensions supported:
[R] AUTH
[R] CCC
[R] EPRT
[R] EPSV
[R] FEAT
[R] MDTM
[R] PBSZ
[R] SIZE
[R] REST STREAM
[R] MODE Z
[R] 211 End
[R] PWD
[R] 257 "/" is current directory.
[R] TYPE A
[R] 200 Type set to A.
[R] MODE Z
[R] 200 Transfer Mode set to Z.
[R] PROT P
[R] 200 PROT command successful.
[R] PASV
[R] 227 Entering Passive Mode (1,1,1,1,21,190).
[R] Opening data connection IP: 1.1.1.1 PORT: 5566
[R] LIST -al
[R] Connected. Negotiating SSL/TLS session
[R] Data Socket Error: Failed TLSv1 negotiation, disconnected
[R] Connection lost: Customer (Duration: 2 minutes 11 seconds / Idle: 2 minutes 0 second)

Regards,
Per

MxxCon
08-30-2012, 08:18 AM
What build of FlashFXP?
Does it work with plain FTP?
Also, a timestamped log would've been more useful.

perhop
08-30-2012, 09:13 AM
The build is v4.2.5 (1813)
Yes, it works with plain FTP and also with FTPS towards another server (different DNS, login, certificate and so on).
How do you get timestamps in FlashFXP?

bigstar
08-30-2012, 02:35 PM
I don't think it's a firewall issue, since there is a status message indicating that the connection was successful, however the SSL handshake is failing and this can be due to a number of things.

It would be helpful to know what FTP server software is being used as well as the timestamps as MxxCon pointed out.

You can enable timestamps by right-clicking on the session status window and selecting Timestamps from the popup menu. You'll want to do this beforehand as it doesn't apply them to any existing text in the session window.

perhop
09-03-2012, 07:08 AM
Hi
Sorry for the late reply but I have been out of office.
Here is the log again with timestamps:


[13:55:02] [R] Connecting to Customer -> DNS=customer.com IP=1.1.1.1 PORT=990
[13:55:02] [R] Connected to Customer
[13:55:02] [R] 220 Server ready for new user.
[13:55:02] [R] AUTH TLS
[13:55:02] [R] 234 Security data exchange complete.
[13:55:02] [R] Connected. Negotiating SSL/TLS session
[13:55:03] [R] TLSv1 negotiation successful...
[13:55:03] [R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)
[13:55:04] [R] PBSZ 0
[13:55:04] [R] 200 PBSZ command successful.
[13:55:04] [R] USER Test
[13:55:04] [R] 331 Password required for Test.
[13:55:04] [R] PASS (hidden)
[13:55:05] [R] 230 User Test logged in.
[13:55:05] [R] SYST
[13:55:05] [R] 215 UNIX Type: A
[13:55:05] [R] FEAT
[13:55:05] [R] 211-Extensions supported:
[13:55:05] [R] AUTH
[13:55:05] [R] CCC
[13:55:05] [R] EPRT
[13:55:05] [R] EPSV
[13:55:05] [R] FEAT
[13:55:05] [R] MDTM
[13:55:05] [R] PBSZ
[13:55:05] [R] SIZE
[13:55:05] [R] REST STREAM
[13:55:05] [R] MODE Z
[13:55:05] [R] 211 End
[13:55:05] [R] PWD
[13:55:05] [R] 257 "/" is current directory.
[13:55:05] [R] TYPE A
[13:55:05] [R] 200 Type set to A.
[13:55:05] [R] MODE Z
[13:55:06] [R] 200 Transfer Mode set to Z.
[13:55:06] [R] PROT P
[13:55:06] [R] 200 PROT command successful.
[13:55:06] [R] PASV
[13:55:06] [R] 227 Entering Passive Mode (1,1,1,1,21,162).
[13:55:06] [R] Opening data connection IP: 1.1.1.1 PORT: 5538
[13:55:06] [R] LIST -al
[13:55:06] [R] Connected. Negotiating SSL/TLS session
[13:55:11] [R] Data Socket Error: Failed TLSv1 negotiation, disconnected
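
The timestamped log above already separates the stages of the failure. As an added example (not part of the original thread and not FlashFXP code), this Python script parses that log format, decodes the 227 reply into an address and port, and reports whether the data connection failed at TCP connect or during the TLS handshake; the names `triage` and `verdict` and the abridged sample log are constructed for illustration.

```python
import re
from datetime import datetime
# Constructed sample: abridged copy of the timestamped session log in the post above.
SAMPLE_LOG = """\
[13:55:02] [R] Connecting to Customer -> DNS=customer.com IP=1.1.1.1 PORT=990
[13:55:02] [R] Connected. Negotiating SSL/TLS session
[13:55:03] [R] TLSv1 negotiation successful...
[13:55:06] [R] 227 Entering Passive Mode (1,1,1,1,21,162).
[13:55:06] [R] Connected. Negotiating SSL/TLS session
[13:55:11] [R] Data Socket Error: Failed TLSv1 negotiation, disconnected
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[\w\] (.*)$")
PASV = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def triage(log):
    """Walk a timestamped session log and record how far the data channel got."""
    r = dict(control_ip=None, control_tls=False, pasv=None,
             data_tcp=False, data_tls=None, stall_s=None)
    hs_start = None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), "%H:%M:%S"), m.group(2)
        if msg.startswith("Connecting to") and "IP=" in msg:
            r["control_ip"] = msg.split("IP=")[1].split()[0]
        elif (p := PASV.match(msg)):
            n = [int(x) for x in p.groups()]
            # Last two numbers are the high and low byte of the data port.
            r["pasv"] = (".".join(map(str, n[:4])), n[4] * 256 + n[5])
        elif msg.startswith("Connected. Negotiating") and r["pasv"]:
            r["data_tcp"], hs_start = True, ts  # TCP connect to data port worked
        elif "negotiation successful" in msg:
            r["data_tls" if r["pasv"] else "control_tls"] = True
        elif msg.startswith("Data Socket Error: Failed") and hs_start:
            r["data_tls"] = False
            r["stall_s"] = int((ts - hs_start).total_seconds())
    return r

def verdict(r):
    if not r["pasv"]:
        return "no 227 reply: failure is before the data channel"
    if r["pasv"][0] != r["control_ip"]:
        return "227 advertises a different address than the control connection"
    if not r["data_tcp"]:
        return "data port not reachable: check port filtering"
    if r["data_tls"] is False:
        return f"data port accepted TCP, TLS handshake failed after {r['stall_s']}s"
    return "data channel TLS established"
```

On the posted log this reports a completed TCP connect to port 5538 followed by a five-second handshake stall, so the passive port was reachable and the failure sits in the TLS exchange on the data channel.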

perhop
09-05-2012, 06:19 AM
Anyone know what can cause this failure of the SSL/TLS negotiation for the data connection?

bigstar
09-05-2012, 10:07 AM
What is the FTP server software?

Have you tried turning off MODE Z compression?
That way we can eliminate it as a possible reason for the failure.

perhop
09-06-2012, 01:33 AM
I can check, it's our customer's FTP server.

I have four choices for my MODE Z compression, turn all of them off? (List, Upload, Download and FXP)
What exactly does MODE Z compression do?

perhop
09-06-2012, 01:45 AM
I tried now without any of the MODE Z choices with the same result.

perhop
09-06-2012, 02:06 AM
The FTP server is Sterling Integrator 5.1

MxxCon
09-06-2012, 09:41 PM
> What exactly does MODE Z compression do?

On-the-fly compression of transferred data.

bigstar
09-07-2012, 08:07 PM
I'm really not sure what's going on. Typically, if there's a problem with the SSL handshake an error is reported, and this does not appear to be the case.

You might ask your customer to review the FTP server logs to see if they reveal any specific reason for the failure and we can go from there.

perhop
09-10-2012, 02:57 AM
They don't really know either :), that's why I started this thread.
I am drawing a blank as well; it just looks like something when setting up the data connection, that something with the SSL/TLS negotiation is failing.
The odd thing is that the SSL/TLS negotiation for the control connection works fine, but for the data connection it fails.

bigstar
09-11-2012, 01:41 PM
To rule out a possible compatibility problem with FlashFXP you might want to try another FTP client using identical settings, such as passive mode.

It also probably wouldn't hurt to test using the latest beta version of FlashFXP.
https://oss.azurewebsites.net/download-beta

perhop
09-12-2012, 02:06 AM
I have tried with two other FTP clients, so I think we can rule out a compatibility problem with FlashFXP.
It feels like it's something on the server side, but I just can't figure out what it is. In a way it's not really my problem to troubleshoot, but I would like to help my customer.

perhop
09-20-2012, 03:58 AM
The customer had a load balancer on their side that caused this; it's solved now.

bigstar
09-20-2012, 10:21 AM
Thank you for an update on this issue, I am glad to see that the issue has been resolved.