220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 5000 allowed.
220-Local time is now 20:18. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER admin2
OFFLINE7, error=10050
If using WinSCP and TLS only mode then I'm able to connect.
Maybe this is related to the password used, which has a special letter.
Try using another password without this letter.
(e.g. "$" is a suspicious one)
This is odd, error 10050 is defined as follows:
WSAENETDOWN 10050 - Network is down. A socket operation encountered a dead network. This could indicate a serious failure of the network system (that is, the protocol stack that the Windows Sockets DLL runs over), the network interface, or the local network itself.
It could be a firewall blocking the sending of the password.
With SSLv3, FTP is working and the program will ask for a certificate.
Example only:
rm /etc/pure-ftpd/conf/TLSCipherSuite
Then pure-ftpd runs with default parameters (with SSL3).
----------
SSL: Libraries loaded OK! C:\Windows\system32\libeay32.dll
Connect to: (2015-09-17 16:08:19)
hostname=192.168.1.40
username=
startdir=
192.168.1.40=192.168.1.40
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 16:08. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
USER jacek
OFFLINE7, error=10050
TC:
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
WINSCP : FTP+TLS_ONLY
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [user] [jacek]
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [pass] [<*>]
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [INFO] jacek is now logged in
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [syst] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [feat] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [opts] [UTF8 ON]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pbsz] [0]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [prot] [P]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pwd] []
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [cwd] [/]
Sep 17 18:52:26 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pwd] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [type] [A]
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [pasv] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [DEBUG] Command [mlsd] []
Sep 17 18:52:27 studio pure-ftpd: (jacek@192.168.1.100) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
LOCAL:
$ openssl s_client -starttls ftp -crlf -tls1_2 -connect localhost:21
CONNECTED(00000003)
depth=0 C = PL, ST = studio.foo.pl, O = studio.foo.pl, CN = studio.foo.pl
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = studio.foo.pl, O = studio.foo.pl, CN = studio.foo.pl
verify return:1
---
Certificate chain
0 s:/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
i:/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDlTCCAn2gAw___CUT___
-----END CERTIFICATE-----
subject=/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
issuer=/C=PL/ST=studio.foo.pl/O=studio.foo.pl/CN=studio.foo.pl
---
No client certificate CA names sent
---
SSL handshake has read 2104 bytes and written 495 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 8E35F5BF7EE56913B73CA47D962C5E9E51F7DF38EF480383B3900B9FC7854382
Session-ID-ctx:
Master-Key: E08AA99A37EC9E7877FF760FEBE1E347703EA919B6F7017365A6CEA3500A074646EF164F83F98C7B2688D9C6E3820396
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 15 f9 00 cd 1c cc 38 1f-d8 e9 80 95 a3 df 32 8d ......8.......2.
___CUT___
Start Time: 1442508838
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
220 You will be disconnected after 15 minutes of inactivity.
Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Apparently the server does not support explicit SSL (AUTH TLS command), only implicit (direct SSL connection). Normally TC can recognize this automatically. Try setting it manually.
In the wcx_ftp.ini section of the connection, add
SpecialFlags=1
SSL_get_error=1 is SSL_ERROR_SSL, which means some kind of error in SSL/TLS negotiation. TC would have to call ERR_get_error() to get more information on the specific SSL error. The error means that OpenSSL couldn't establish an SSL connection to your server, difficult to say what is wrong.
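Added example, not part of the original thread: a small parser that splits pure-ftpd syslog output like the TC and WinSCP excerpts above into connections and reports, for each one, whether a TLS cipher was negotiated after AUTH TLS or the server dropped the session with the cleartext warning. The function name and outcome labels are made up for this example, and it assumes one connection at a time per client IP because these log lines carry no session id.

```python
import re

# Matches the pure-ftpd syslog format shown in the thread: (user@ip) [LEVEL] message
LINE = re.compile(r"pure-ftpd: \(([^@]*)@([^)]+)\) \[(\w+)\] (.*)")

# Sample lines in the format of the TC and WinSCP excerpts above (abridged).
SAMPLE = """\
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:36:10 studio pure-ftpd: (?@192.168.1.100) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] New connection from 192.168.1.100
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [auth] [TLS]
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Sep 17 18:52:22 studio pure-ftpd: (?@192.168.1.100) [DEBUG] Command [user] [jacek]
Sep 17 18:52:26 studio pure-ftpd: (?@192.168.1.100) [INFO] jacek is now logged in
"""

def classify_sessions(log_text):
    """Return one dict per connection: ip, auth_tls, cipher, user, outcome."""
    sessions, current = [], {}  # current maps client IP -> its open session
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        _user, ip, _level, msg = m.groups()
        if msg.startswith("New connection from"):
            current[ip] = {"ip": ip, "auth_tls": False, "cipher": None,
                           "user": None, "outcome": "incomplete"}
            sessions.append(current[ip])
            continue
        s = current.get(ip)
        if s is None:
            continue  # line for a connection whose start is not in the log
        if msg == "Command [auth] [TLS]":
            s["auth_tls"] = True
        elif msg.startswith("SSL/TLS: Enabled") and s["cipher"] is None:
            c = re.search(r"with (\S+),", msg)  # control-channel cipher
            s["cipher"] = c.group(1) if c else "unknown"
        elif "cleartext sessions are not accepted" in msg:
            # AUTH TLS seen but no cipher logged: TLS never came up for this client
            s["outcome"] = ("auth_tls_without_handshake" if s["auth_tls"]
                            else "cleartext_rejected")
        elif msg.endswith("is now logged in"):
            s["user"] = msg.split()[0]
            s["outcome"] = "login_over_tls" if s["cipher"] else "login_cleartext"
    return sessions
```

Run over a full log, connections labelled `auth_tls_without_handshake` point at clients whose TLS setup breaks right after AUTH TLS, as in the TC excerpt.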