Re: FTP Secure Connection Error

Le 05/09/2023 à 17:47, Greg Wilburn a écrit :

No response from host.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Marc Rauzier
Sent: Tuesday, September 5, 2023 11:41 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: FTP Secure Connection Error

Le 05/09/2023 à 17:04, Greg Wilburn a écrit :

We had an existing FTP script running on 7.3 without issue. Since upgrading to 7.5, we have been unable to establish a connection.
Using:
FTP 'servername' SECCNN(*SSL)

What about using PORT(*SECURE)?

As far as I know standard 21 port does not provide encryption support.

Result:
Connecting to host mywebsite.com at address 99.999.999.999 using port 21.
220 Microsoft FTP Service
234 AUTH command ok. Expecting TLS Negotiation.
Secure connection error, return code 415.

Obviously I've changed the host and IP.

QSSLPCK is *TLSV1.2
QSSLCSLCTL is*OPSYS, *USRDFN
QSSLCSL is
*AES_128_GCM_SHA256
*AES_256_GCM_SHA384
*CHACHA20_POLY1305_SHA256
*ECDHE_ECDSA_AES_128_GCM_SHA256
*ECDHE_ECDSA_AES_256_GCM_SHA384
*ECDHE_RSA_AES_128_GCM_SHA256
*ECDHE_RSA_AES_256_GCM_SHA384
*ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
*ECDHE_RSA_CHACHA20_POLY1305_SHA256

I can connect using WINSCP using Explicit SSL/TLS.

With WINSCP, if you enable logging to debug 2, you can check which protocol and cipher are used. Example for me when I connect to pub400.com

. 2023-09-05 19:24:08.749 Connecting to pub400.com ...
. 2023-09-05 19:24:08.749 Connected
. 2023-09-05 19:24:08.749 TLS layer changed state from unconnected to connecting
. 2023-09-05 19:24:08.749 TLS layer changed state from connecting to connected
. 2023-09-05 19:24:08.749 Connected with pub400.com, negotiating TLS connection...
. 2023-09-05 19:24:08.771 Read 25 bytes
< 2023-09-05 19:24:08.771 220-QTCP at PUB400.COM.
. 2023-09-05 19:24:08.846 Read 59 bytes
< 2023-09-05 19:24:08.846 220 Connection will close if idle more than 1666 minutes.
> 2023-09-05 19:24:08.846 AUTH TLS
. 2023-09-05 19:24:08.872 Read 53 bytes
< 2023-09-05 19:24:08.872 234 Security mechanism accepted; start negotiation.
. 2023-09-05 19:24:08.876 No data to read
. 2023-09-05 19:24:08.903 TLS connect: SSLv3/TLS write client hello
. 2023-09-05 19:24:08.927 TLS connect: SSLv3/TLS read server hello
. 2023-09-05 19:24:08.927 TLS connect: TLSv1.3 read encrypted extensions
. 2023-09-05 19:24:08.933 TLS connect: SSLv3/TLS read server certificate
. 2023-09-05 19:24:08.935 TLS connect: TLSv1.3 read server certificate verify
. 2023-09-05 19:24:08.935 TLS connect: SSLv3/TLS read finished
. 2023-09-05 19:24:08.935 TLS connect: SSLv3/TLS write change cipher spec
. 2023-09-05 19:24:08.935 TLS connect: SSLv3/TLS write finished
. 2023-09-05 19:24:08.936 Verifying certificate for "" with fingerprint b8:82:e2:15:a3:49:09:f6:64:c2:cf:e7:d4:da:c0:62:b5:0f:fa:2e:52:6e:47:67:72:a7:cc:93:a3:da:6b:cf and 19 failures
. 2023-09-05 19:24:08.936 Certificate common name "pub400.com" matches hostname
. 2023-09-05 19:24:09.345 Certificate verified against Windows certificate store
. 2023-09-05 19:24:09.345 Using TLSv1.3, cipher TLSv1.3: TLS_AES_128_GCM_SHA256, 2048 bit RSA, TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
. 2023-09-05 19:24:09.345 Session upkeep
. 2023-09-05 19:24:09.414 TLS connection established. Waiting for welcome message...
> 2023-09-05 19:24:09.414 USER DIMARCO
. 2023-09-05 19:24:09.414 TLS connect: SSL negotiation finished successfully
. 2023-09-05 19:24:09.414 TLS connect: SSL negotiation finished successfully

Which target port do you use?

Any suggestions before opening a ticket with IBM?

Thanks,
Greg
[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>