SSL_connect error!

Currently in public beta: Windows Phone version

H_Indewarrie
Junior Member
Posts: 2
Joined: 2016-03-05, 23:46 UTC

SSL_connect error!

Post by *H_Indewarrie »

Quite happy I finally found a decent application on Windows Mobile 10 with FTP support. Even FTPS seems to be supported properly, but I still didn't manage to connect to my server.
I'm using FileZilla Server enforcing FTPS.
In the FileZilla Windows FTP client I always use 'Require explicit FTP over TLS'.

settings in TC:
ftpes://home.domain.eu:49999
SSL explicit (AUTH SSL/TLS) checked
Use passive mode (tried checked and unchecked same result)

I successfully installed certificate so I can connect to my server.
However after that I get the following error:
SSL/TLS
SSL_connect error!
10!=home.domain.eu
OK?

and then the following error if I select ok:
SSL/TLS
SSL_connect error!
10!=10
OK?

selecting ok results in the same error again.

After this error the Server name:port/directory is adjusted with 10+ in the following way:
ftpes://10+home.domain.eu:49999

I guess this is some weird bug, but maybe I do something wrong.
Any help appreciated.
H_Indewarrie
Junior Member
Posts: 2
Joined: 2016-03-05, 23:46 UTC

Post by *H_Indewarrie »

Issue solved...
In the generated certificate I used '10' as organization and I didn't populate common name - no other FTP program on any platform had problems with this before.
There is still behaviour with the certificate that I do not understand, since now I get the following:
ftpes://home.domain.eu+home.domain.eu:49999
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

You should get a request to install the self-signed certificate, because Windows Phone doesn't allow connecting to SSL servers with unknown certificates. After the certificate is installed, you need to try again to connect.

Make sure that the certificate has a valid date, and the phone is set to the correct date too. The name in the certificate isn't checked by TC once the certificate is installed, but TC does warn when the name differs when connecting for the first time.
Author of Total Commander
https://www.ghisler.com
aussiebob
Junior Member
Posts: 3
Joined: 2016-07-28, 09:29 UTC

Post by *aussiebob »

Hi!

I got the same problem on my Lumia 950. I've installed it on an Android unit with the same settings and there is no problem.

Any suggestions would help.

//Robert
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

What error exactly do you get? Android allows connecting even if the certificate doesn't match the server name, but Windows Phone doesn't. So if your server certificate reports www.server1.com but your server name is www.server2.com, then the connection will fail on Windows Phone/Windows 10 Mobile.
Author of Total Commander
https://www.ghisler.com
aussiebob
Junior Member
Posts: 3
Joined: 2016-07-28, 09:29 UTC

Post by *aussiebob »

My bad. After generating a new certificate I get the option to enter the password and a message telling me that the directories are being collected, and then it disconnects. I can't see anything strange in the logs except "450 TLS session of data connection has not resumed or the session does not match the control connection".

(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> Connected on port xxxx, sending welcome message...
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> 220-FileZilla Server 0.9.57 beta
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> 220 aussiebob rules
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> AUTH TLS
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> 234 Using authentication type TLS
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> SSL connection established
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> USER xxxxxxxxx
(000097) 2016-07-31 13:25:44 - (not logged in) (95.199.0.141)> 331 Password required for aussiebob
(000097) 2016-07-31 13:25:55 - (not logged in) (95.199.0.141)> PASS ********
(000097) 2016-07-31 13:25:55 - aussiebob (95.199.0.141)> 230 Logged on
(000097) 2016-07-31 13:25:55 - aussiebob (95.199.0.141)> PBSZ 0
(000097) 2016-07-31 13:25:55 - aussiebob (95.199.0.141)> 200 PBSZ=0
(000097) 2016-07-31 13:25:55 - aussiebob (95.199.0.141)> PROT P
(000097) 2016-07-31 13:25:55 - aussiebob (95.199.0.141)> 200 Protection level set to P
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> OPTS UTF8 ON
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 202 UTF8 mode is always enabled. No need to send this command.
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> SYST
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 215 UNIX emulated by FileZilla
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> CWD /
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 250 CWD successful. "/" is current directory.
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> TYPE A
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 200 Type set to A
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> PASV
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 227 Entering Passive Mode (xxx,xxx,xx,xxx,x,xxx)
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> LIST
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 150 Opening data channel for directory listing of "/"
(000097) 2016-07-31 13:25:56 - aussiebob (95.199.0.141)> 450 TLS session of data connection has not resumed or the session does not match the control connection
(000097) 2016-07-31 13:25:57 - aussiebob (95.199.0.141)> QUIT
(000097) 2016-07-31 13:25:57 - aussiebob (95.199.0.141)> 221 Goodbye
(000097) 2016-07-31 13:25:57 - aussiebob (95.199.0.141)> disconnected.

What am I missing?

Robert
ghisler(Author)
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

450 TLS session of data connection has not resumed or the session does not match the control connection
That's the problem - your server expects SSL session re-use. Windows Phone does NOT support SSL session re-use. There is no chance to transfer any data from/to this server via FTPS from Windows Phone.

If you are the server maintainer, you can deactivate the TLS session resumption requirement in the server settings, though.
Author of Total Commander
https://www.ghisler.com
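
A server-side check for the failure diagnosed above, as an added example that is not part of the thread and not code from FileZilla or Total Commander: it scans a FileZilla Server log for sessions whose data transfer was refused with the 450 session-resumption reply, so an administrator can see which clients are affected before deciding whether to relax the requirement. The sample log lines, addresses, user name and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the FileZilla Server log layout shown in the thread
# (addresses are from the 192.0.2.0/24 documentation range).
SAMPLE_LOG = """\
(000101) 2016-07-31 13:25:44 - (not logged in) (192.0.2.10)> AUTH TLS
(000101) 2016-07-31 13:25:44 - (not logged in) (192.0.2.10)> 234 Using authentication type TLS
(000101) 2016-07-31 13:25:55 - demo (192.0.2.10)> PROT P
(000101) 2016-07-31 13:25:55 - demo (192.0.2.10)> 200 Protection level set to P
(000101) 2016-07-31 13:25:56 - demo (192.0.2.10)> PASV
(000101) 2016-07-31 13:25:56 - demo (192.0.2.10)> LIST
(000101) 2016-07-31 13:25:56 - demo (192.0.2.10)> 450 TLS session of data connection has not resumed or the session does not match the control connection
(000102) 2016-07-31 13:30:01 - demo (192.0.2.20)> PROT P
(000102) 2016-07-31 13:30:02 - demo (192.0.2.20)> LIST
(000102) 2016-07-31 13:30:02 - demo (192.0.2.20)> 226 Successfully transferred "/"
"""

# (session id) date time - user (client ip)> command or reply
LINE_RE = re.compile(r"^\((\d+)\) (\S+ \S+) - (.+?) \(([0-9a-fA-F.:]+)\)> (.*)$")
DATA_CMDS = {"LIST", "MLSD", "NLST", "RETR", "STOR", "APPE"}


def find_resumption_failures(log_text):
    """Return one record per data transfer refused for missing TLS session reuse."""
    state = defaultdict(lambda: {"prot": None, "data_cmd": None})
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected layout
        sid, ts, user, ip, msg = m.groups()
        word = msg.split(" ", 1)[0].upper()
        if word == "PROT":
            state[sid]["prot"] = msg.split()[-1].upper()   # P = encrypted data channel
        elif word in DATA_CMDS:
            state[sid]["data_cmd"] = word                   # command that opens a data connection
        elif word == "450" and "TLS session" in msg:
            failures.append({"session": sid, "time": ts, "user": user, "client": ip,
                             "prot": state[sid]["prot"], "command": state[sid]["data_cmd"]})
    return failures


if __name__ == "__main__":
    for f in find_resumption_failures(SAMPLE_LOG):
        print("{time} session {session} {user}@{client}: {command} refused "
              "(PROT {prot}), client did not reuse the control TLS session".format(**f))
```
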
aussiebob
Junior Member
Posts: 3
Joined: 2016-07-28, 09:29 UTC

Post by *aussiebob »

OK, thanks for your help.

Robert