FTPException: SSLv23/TLSv1

Question

I am using enterprisedt's API for connecting to Tumbleweed Secure Transport.
In my trial java program, I get the following exception when try to connect through SSL and server validation set to true:
com.enterprisedt.net.ftp.FTPException: SSLv23/TLSv1
at com.enterprisedt.net.ftp.FTPControlSocket.validateReply(Unknown Sou
e)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.auth(Unknown Source)
at com.taw.net.ftp.FTPClient.connect(FTPClient.java:76)
at com.taw.net.ftp.FTPClient.main(FTPClient.java:124)

Please advise me.
Thanks and regards,
Saurabh Kumar

Answer 1

auth() is receiving an error code back from the AUTH command.

However it looks like it actually may be succeeding, as SSLv23/TLSv1 isn't an error message.

We expect servers to return 234, 334 or 200 - this one seems to be returning something different.

If you set the log level to DEBUG and then post a small chunk of the logging that shows what is returned from AUTH we should be able to figure out what is happening and tell you how to get around it.

Logger.setLevel(Level.DEBUG);

I am using enterprisedt's API for connecting to Tumbleweed Secure Transport.
In my trial java program, I get the following exception when try to connect through SSL and server validation set to true:
com.enterprisedt.net.ftp.FTPException: SSLv23/TLSv1
at com.enterprisedt.net.ftp.FTPControlSocket.validateReply(Unknown Sou
e)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.auth(Unknown Source)
at com.taw.net.ftp.FTPClient.connect(FTPClient.java:76)
at com.taw.net.ftp.FTPClient.main(FTPClient.java:124)

Please advise me.
Thanks and regards,
Saurabh Kumar

Answer 2

This is returning error code 334:
------getLastValidReply-------null
-------FTPException-------SSLv23/TLSv1
-------FTPException reply code-------334

Please advise what does this mean and what do I need to do to overcode this error.

Thanks and regards,
Saurabh Kumar

Answer 3

The complete output is:

INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 12 Sep 2006 16:50:03.497 : Licence expiry date: 31 Dec 2099
INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 12 Sep 2006 16:50:03.512 : Production licence
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 12 Sep 2006 16:50:03.622 : Created explicit FTPS client.
------configFlags -------8
INFO [puretls] 12 Sep 2006 16:50:03.653 : PureTLS debug level=0
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 12 Sep 2006 16:50:03.653 : Loaded root certificates from /Java/jdk1.5.0_06/bin/ServerOut.cer
------get Class ------class com.enterprisedt.net.ftp.ssl.SSLFTPClient
------loaded RootCertificates -from ------/Java/jdk1.5.0_06/bin/ServerOut.cer
------Connecting to server -------ftp-devl3.lasalle.na.abnamro.com
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 12 Sep 2006 16:50:03.653 : Connecting to ftp-devl3.lasalle.na.abnamro.com/10.211.110.159:21
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 12 Sep 2006 16:50:03.684 : 220 usessrress121 FTP server (SecureTransport 4.5.1) ready.
------Switching to FTPS (explicit mode)-------
------auth mechanism-------SSL
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 12 Sep 2006 16:50:03.700 : ---
> AUTH SSL
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 12 Sep 2006 16:50:03.700 : 334
SSLv23/TLSv1
------getLastValidReply-------null
-------FTPException-------SSLv23/TLSv1
-------FTPException reply code-------334

I hope this has sufficient information.

Please advise how to overcome this error.

Thanks and regards,
Saurabh Kumar

Answer 4

According to the specification that defines the FTPS protocol (i.e. RFC4217) the server should never return a 334 response. Here's a quote from the specification:

The '334' response, as defined in [RFC-2228], implies that an ADAT exchange will follow. This document does not use the ADAT command and so the '334' reply is incorrect.

Try using TLS instead of SSL. In other words, use the following call:

ftpClient.auth(SSLFTPClient.AUTH_TLS);

What type of server are you connecting to?

- Hans (EDT)

Answer 5

Hi Hans,
Thanks for your prompt reply.

I am connecting to Tumbleweed Secure Transport Server 4.5.1.

I tried with AUTH_TLS and again get 334 as the server reply.

You told that its not a valid reply from server but I am getting this only.

Please suggest something that I should try or any reason why I am getting this error.

here is the result with AUTH_TLS:

INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 13 Sep 2006 09:18:37.56 : Licence expiry date: 31 Dec 2099
INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 13 Sep 2006 09:18:37.56 : Production licence
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 13 Sep 2006 09:18:37.181 : Created explicit FTPS client.
------configFlags -------8
INFO [puretls] 13 Sep 2006 09:18:37.212 : PureTLS debug level=0
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 13 Sep 2006 09:18:37.212 : Loaded root certificates from /Java/jdk1.5.0_06/bin/ServerOut.cer
------get Class ------class com.enterprisedt.net.ftp.ssl.SSLFTPClient
------loaded RootCertificates -from ------/Java/jdk1.5.0_06/bin/ServerOut.cer
------Connecting to server -------ftp-devl3.lasalle.na.abnamro.com
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 13 Sep 2006 09:18:37.212 : Connecting to ftp-devl3.lasalle.na.abnamro.com/10.211.110.159:21
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 13 Sep 2006 09:18:37.243 : 220
usessrress121 FTP server (SecureTransport 4.5.1) ready.
------Switching to FTPS (explicit mode)-------
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 13 Sep 2006 09:18:37.259 : ---
> AUTH TLS
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 13 Sep 2006 09:18:37.259 : 334
SSLv23/TLSv1
------getLastValidReply-------null
-------FTPException-------SSLv23/TLSv1
-------FTPException reply code-------334
------looging in now-------
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 13 Sep 2006 09:18:37.259 : ---

Thanks and regards,
Saurabh Kumar

Answer 6

Please contact us via email (support at enterprisedt dot com) so we can discuss the problem in more detail off the forums.

Answer 7

Problem solved - an old version of edtFTPj/PRO in a vendor product. A later version fixes it.