Issue with FTPS upload
  • Hi,

    I have so far been unable to get security spy to connect to my FTPS server.

    My FTP server is a windows server 2012 machine running IIS, configured for FTP with Explicit TLS (i.e. on port 21). I'm using a valid TLS certificate from a trusted issuer. Regular FTP clients can connect to it without any issue (including the mac clients Transmit and Cyberduck).

    However when I try to configure securityspy with the appropriate details, and click the "test" button, after a second or two the error message below is display:-

    Error 90040,534 534 Policy requires SSL.

    Is there any guidance or further diagnostic I can do? I'm at a bit of a loss.

    thanks

    Jon Hulatt
  • Hi Jon,

    The most obvious thing to check is that you have actually selected the FTPS option for the protocol, rather than the FTP option, under Preferences -> Uploads - could you please confirm this?

    There are two methods for negotiating a secure connection via FTPS called "implicit" and "explicit". SecuritySpy supports only the latter, because implicit is considered non-standard and deprecated. However it could be that your server is only supporting this method. Could you check your server configuration to see if you can turn on an option that enables explicit SSL? I know you mentioned above that the server supports explicit, but this is the only other thing I can think of that could cause this problem, so it's worth double-checking.

    Failing that, can your server support SFTP (SSH File Transfer Protocol)?
  • Hi Ben,

    Thanks for your reply. My server is definitely running FTPS, and it's definitely explicit. And i've definitely selected FTPS in securityspy.

    Does securityspy have a more detailed logging system? It'd be interesting to see the FTP command it's sending.

    I can let you have a test account to verify, if that would help. If you would like that then please let me know, obviously i'd rather send you my connection details directly.

    Thanks

    Jon
  • I've now examined my IIS ftp logs. They're not that comprehensive, but they do show that the 534 is issued in response to the STOR command - so SecuritySpy is attempting to only use TLS for the control channel and not the data channel.

    I then tried relaxing IIS configuration to only require TLS for the control channel, and make it optional for the data channel.

    Now, securityspy starts to upload the test file (dummy_file_for_testing_upload), but it never seems to complete, and within a minute or so, securityspy has the error "Error 4640,800 No response from server"

    So i'm closer, but still not there. Help appreciated!
  • For anyone else reading this thread, this was a bug in SecuritySpy specifically affecting FTPS (not FTP or SFTP) connections, and will be fixed in the upcoming version 4.2.4.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!