openssl s_client and FTPS

by ohaya

Hi,

We're having problems connecting to an FTP server using FTPS (not sftp), and to diagnose the problem, we've been using cURL with openssl.  The server is IBM Z/OS FTP server.

When we test with cURL, we are getting:

Info SSLV3, TLS handshake, Client hello (1) Send SSL Data, 95 bytes (0x5f) =====hex data=======
Info: SSLV?, Unknown (2)
Send SSL data, 2 bytes
0000: 02 46
Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number

From various searches, I've gathered that this kind of problem is not uncommon (but I've not found a solution), but I'm also gathering that what is happening is that openssl is returning some error to cURL.

So, I've been trying to see if I use "openssl s_client" by itself, and if openssl might provide more info on what the actual problem might be.

From what I understand, "openssl s_client -starttls ftp" should work, but when we tried it on our system (RHEL) we got a segfault.  We checked the openssl version, and it's 0.9.7a, which I understand is a really old version, so we're going to try to get a newer openssl version on the system.

In the meantime, I wanted to elicit some feedback as to whether, in the experience of others here, if we can get "openssl s_client -starttls ftp" working, will that yield more info that might help us figure out what the problem might be?

Thanks in advance!

Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: openssl s_client and FTPS

by ohaya


---- ohaya@... wrote:

> Hi,
>
> We're having problems connecting to an FTP server using FTPS (not sftp), and to diagnose the problem, we've been using cURL with openssl.  The server is IBM Z/OS FTP server.
>
> When we test with cURL, we are getting:
>
> Info SSLV3, TLS handshake, Client hello (1) Send SSL Data, 95 bytes (0x5f) =====hex data=======
> Info: SSLV?, Unknown (2)
> Send SSL data, 2 bytes
> 0000: 02 46
> Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number
>
> From various searches, I've gathered that this kind of problem is not uncommon (but I've not found a solution), but I'm also gathering that what is happening is that openssl is returning some error to cURL.
>
> So, I've been trying to see if I use "openssl s_client" by itself, and if openssl might provide more info on what the actual problem might be.
>
> From what I understand, "openssl s_client -starttls ftp" should work, but when we tried it on our system (RHEL) we got a segfault.  We checked the openssl version, and it's 0.9.7a, which I understand is a really old version, so we're going to try to get a newer openssl version on the system.
>
> In the meantime, I wanted to elicit some feedback as to whether, in the experience of others here, if we can get "openssl s_client -starttls ftp" working, will that yield more info that might help us figure out what the problem might be?
>
> Thanks in advance!
>
> Jim
>


Hi,

We're kind of guessing that what might be happening is that some firewall or network device between our client machine and the Z/OS FTP machine is causing the server response to the client HELLO to not be returned.

Does anyone know, if that is what might be happening, if that would cause openssl to output what we're seeing, i.e. if openssl doesn't receive a response to the client HELLO, will it display:

Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number

??

Thanks,
Jim

RE: openssl s_client and FTPS

by sajupaul

FTP SSL operates in two modes.  Explicit SSL - where the FTP Client issues
the AUTH command on the clear command channel which results in the server
and client performing the SSL handshake to secure the channel.  The other
mode Implicit SSL - the SSL handshake is done as soon as the Client to Server
connection is established.  Explicit FTP SSL usually defaults to Port 21
whereas Implicit FTP SSL defaults to Port 990.

With the Curl FTP Client you should be able to connect to the server either
in Explicit or Implicit SSL mode.  Assuming the server supports both modes.

With OpenSSL s_client you may be limited to only Implicit SSL; in which case
you will need to specify the 990 port at the command line.

- sp panikulam

Re: openssl s_client and FTPS

by Victor Duchovni

On Mon, Nov 02, 2009 at 05:07:10AM -0500, Saju Paul wrote:

> FTP SSL operates in two modes.  Explicit SSL - where the FTP Client issues
> the AUTH command on the clear command channel which results in the server
> and client performing the SSL handshake to secure the channel.  The other
> mode Implicit SSL - the SSL handshake is done as soon as the Client to Server
> connection is established.  Explicit FTP SSL usually defaults to Port 21
> whereas Implicit FTP SSL defaults to Port 990.
>
> With the Curl FTP Client you should be able to connect to the server either
> in Explicit or Implicit SSL mode.  Assuming the server supports both modes.
>
> With OpenSSL s_client you may be limited to only Implicit SSL; in which case
> you will need to specify the 990 port at the command line.

With "-starttls ftp" (sufficiently recent OpenSSL) explicit mode is
supported. Still, s_client is not an FTP client, so you only get a
control channel, no data channels will be built by s_client for the
FTP commands that use these.

--
        Viktor.
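
Added example, not part of any post in this thread: a small Python helper that decodes the two bytes "02 46" from the cURL trace (assuming they are a TLS alert body) and shows how a plaintext FTP reply looks when a TLS client reads it as a record header, which is one general way a record-layer version check fails when implicit-mode TLS is attempted against an explicit-mode port. The sample banner and ServerHello header are constructed, not captured from the server discussed here.

```python
import struct

# TLS record content types and a few alert descriptions (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}


def decode_alert(body: bytes) -> tuple:
    """Decode a 2-byte TLS alert body such as the '02 46' in the cURL trace."""
    if len(body) != 2:
        raise ValueError("a TLS alert body is exactly 2 bytes")
    level, desc = body
    return (ALERT_LEVELS.get(level, f"level {level}"),
            ALERT_DESCRIPTIONS.get(desc, f"alert {desc}"))


def classify_first_bytes(data: bytes) -> str:
    """Say what a TLS client sees in the first bytes a server sends back."""
    if len(data) < 5:
        return "incomplete: fewer than 5 bytes, no full record header"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3:
        return (f"tls: {CONTENT_TYPES[ctype]} record, "
                f"version 3.{minor}, {length} bytes")
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        # A plaintext FTP reply read as a record header: the "version"
        # field holds ASCII digits, so the record-layer version check fails.
        return (f"ftp: plaintext reply {data[:3].decode()} (as a record: "
                f"type 0x{ctype:02x}, version 0x{major:02x}{minor:02x})")
    return f"unknown: type 0x{ctype:02x}, version 0x{major:02x}{minor:02x}"


# Constructed samples, not captured from the server in this thread.
FTP_BANNER = b"220 Service ready for new user.\r\n"
SERVER_HELLO_HDR = bytes([22, 3, 1, 0, 74])  # handshake, TLS 1.0, 74 bytes

if __name__ == "__main__":
    print(decode_alert(bytes.fromhex("0246")))
    print(classify_first_bytes(FTP_BANNER))
    print(classify_first_bytes(SERVER_HELLO_HDR))
```

If the first bytes classify as an FTP reply, the port expects explicit mode (`openssl s_client -starttls ftp -connect host:21` on a sufficiently recent OpenSSL); if they classify as a TLS record, the port is doing implicit mode.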