FTP with TLS, successful handshake but DENIED LISTING.

[dmartinez]

Usually, I have used SYNCOVERY software to synchronize some files between my Windows PC and a remote CENTOS server. Everything was working fine.

However, I started to use TLS for the FTP connections (configured as a REQUIREMENT on my remote server), and here is when the issue started.

Looks like something in the TLS "handshake" is not going well, hence, the server although it connects, it rejects the "LISTING" library command, then I can't see any directory.

If I use EXACT parameters with FILEZILLA or another FTP client, it works flawless.

Here an extract of the logs from my server when using SYNCOVERY to FTP the server:
------------------
mod_tls/2.6[3967]: TLS/TLS-C requested, starting TLS handshake
mod_tls/2.6[3967]: TLSv1 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
mod_tls/2.6[3967]: SSL/TLS required but absent on data channel, denying LIST command
------------------

Looks like the issue arises on "data channel". Then I can't see the directories ("denied list command". Also I tried ALL list commands in SYNCOVERY software). According to some forums out there, I found that these kind of issues is due to the CLIENT software, rather than the Server configuration for TLS.

It is like the FTPS client is not sending the required commands, and performing the COMPLETE SSL/TLS handshake on the CONTROL and DATA Channels connection, as required by the "TLSRequired on" directive.

And again, if I use Filezilla, these are the logs, and using that client allows me to see the directories on the FTP connection session:
--------------------
mod_tls/2.6[9703]: TLS/TLS-C requested, starting TLS handshake
mod_tls/2.6[9703]: TLSv1 connection accepted, using cipher AES256-SHA (256 bits)
mod_tls/2.6[9703]: Protection set to Private
mod_tls/2.6[9703]: starting TLS negotiation on data connection
mod_tls/2.6[9703]: client reused SSL session for data connection
mod_tls/2.6[9703]: TLSv1 data connection accepted, using cipher AES256-SHA (256 bits)
--------------------

I would appreciate some clues here. Thanks

[superflexible]

Please make sure you have the latest version 7.84 and try the three FTP libraries 1,2,3.

[dmartinez]

Yes. Before posting the first message I had downloaded the last 7.84 version from its website. Additionally I forgot to mention that I have tried ALL libraries and ALL listings (even automatic), and always same results.
Danny

[superflexible]

Hello,
Syncovery always sends the PROT P command in order to protect the data channel. I have tried it with my own Cent OS server, and I could connect with FTP library 3.

Please turn on Internet Protocol Logging on the Program Settings dialog, tab sheet Logs, and try library 3 again and send me the logs (including FTPLOG files from TEMP folder).

My Cent OS server uses Pure-FTPD. Apparently you are using ProFTPD. I will try that next.

[superflexible]

FTP Library 1 works fine with ProFTPD and TLS set to Required.

[superflexible]

In the next update (7.84a or 7.85), FTP library 2 will also work.