handshake_failure(40) exception when connecting with Version 12.1.1.0

Question

When connecting with version 12.1.1.0      FTP-over-SSL

I have already used ftpConnection.SessionReductionRequiresExtendedMasterSecret = false;

Still, the exception continues to occur.

LOG:

INFO [FTPConnection] : FTPConnection.6442 OS: 10.0.17763.0, CLR: 4.0.30319.42000, DLL: 12.1.1.0

DEBUG [SSLFTPClient]  : FTPConnection.6442 Connecting to "Server IP Address":21

DEBUG [SSLFTPControlSocket]  : FTPConnection.6442 waitOnShutdownSSL=True

DEBUG [SecureSocket]  : FTPConnection.6442 ChangeSecurityProtocol: None

DEBUG [ExFTPControlSocket]  : FTPConnection.6442 Created control-socket: SocksContext=, ProxySettings=NoProxy, RemoteHost="Server IP Address", controlPort=21, timeout=120000

DEBUG [FTPControlSocket]  : FTPConnection.6442 StrictReturnCodes=False

DEBUG [HostNameResolver]  : FTPConnection.6442 Resolving "Server IP Address"

DEBUG [HostNameResolver]  : FTPConnection.6442 "Server IP Address" resolved to "Server IP Address"

DEBUG [ExFTPControlSocket]  : FTPConnection.6442 Connecting directly to ftp-server "Server IP Address":21

INFO [SSLFTPSocket]  : FTPConnection.6442 Connecting to "Server IP Address":21 with timeout 120000 ms

DEBUG [SSLFTPSocket]  : FTPConnection.6442 Successfully connected to "Server IP Address":21

DEBUG [FTPControlSocket]   : FTPConnection.6442 Setting socket timeout=120000

DEBUG [FTPControlSocket]   : FTPConnection.6442 SetSocketTimeout: 120000

INFO [FTPControlSocket]   : FTPConnection.6442 Command encoding=System.Text.SBCSCodePageEncoding

DEBUG [FTPControlSocket]   : FTPConnection.6442 Setting socket buffer sizes=-1

DEBUG [FTPControlSocket]   : FTPConnection.6442 SetSocketBuffers: -1

DEBUG [FTPControlSocket]  : FTPConnection.6442 220 Welcome ...

DEBUG [SSLFTPClient]  : FTPConnection.6442 SetSSLProtocol: min=DETECT, max=TLS13

DEBUG [SSLFTPClient]  : FTPConnection.6442 SetSSLProtocol=Tls1, Tls11, Tls12, Tls13

DEBUG [FTPControlSocket]  : FTPConnection.6442 ---> AUTH TLS

DEBUG [FTPControlSocket]  : FTPConnection.6442 234 AUTH command ok; starting SSL connection.

DEBUG [SSLFTPControlSocket]  : FTPConnection.6442 Beginning Tls1, Tls11, Tls12, Tls13 handshake.

DEBUG [SecureSocket]  : FTPConnection.6442 ChangeSecurityProtocol: Tls1, Tls11, Tls12, Tls13

DEBUG [SecureSocket]  : FTPConnection.6442 Starting handshake

DEBUG [SocketController]  : FTPConnection.6442 Starting TLS client

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client versions: TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_AES_128_GCM_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_AES_256_GCM_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_CHACHA20_POLY1305_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

DEBUG [EdtTlsClient]   : FTPConnection.6442 Supported client cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

DEBUG [SecureSocket]   : FTPConnection.6442 Handshake started

DEBUG [SecureSocket]   : FTPConnection.6442 Waiting for handshake completion

DEBUG [SecureSocket]   : FTPConnection.6442 Waiting for handshake to complete (timeout=120000ms)

DEBUG [EdtTlsClient]   : FTPConnection.6461 NotifyAlertReceived(level=2,desc=40)

ERROR [SocketController]   : FTPConnection.6461 OnReceive - caught exception - closing

ERROR [SocketController]   : FTPConnection.6461 EnterpriseDT.BouncyCastle.Tls.TlsFatalAlertReceived: handshake_failure(40)

ERROR [SocketController]   : FTPConnection.6461    ? EnterpriseDT.BouncyCastle.Tls.TlsProtocol.HandleAlertMessage(Int16 alertLevel, Int16 alertDescription)

ERROR [SocketController]   : FTPConnection.6461    ? EnterpriseDT.BouncyCastle.Tls.TlsProtocol.hY7unIN3UjA()

ERROR [SocketController]   : FTPConnection.6461    ? rrvdEMuvdR0gBHgmoYZo.XYL6hQuvuDWDiR0E3Kvi.QeFuviFrvym(Byte[]  , Int32  , Int32  )

ERROR [SocketController]   : FTPConnection.6461    ? EnterpriseDT.BouncyCastle.Tls.TlsProtocol.SafeReadFullRecord(Byte[] input, Int32 inputOff, Int32 inputLen)

ERROR [SocketController]   : FTPConnection.6461    ? EnterpriseDT.BouncyCastle.Tls.TlsProtocol.OfferInput(Byte[] input, Int32 inputOff, Int32 inputLen)

ERROR [SocketController]   : FTPConnection.6461    ? yTmyoYCh1bqKFJxnAjk.cuLpIuCBm4Gpj2KWjxx.haDCsVU2Xv(IAsyncResult  )

DEBUG [SocketController]   : FTPConnection.6461 CloseConnection(e=handshake_failure(40))

DEBUG [SocketController]   : FTPConnection.6461 Shut down socket

DEBUG [SocketController]   : FTPConnection.6461 Closed socket

DEBUG [TransferBuffer]   : FTPConnection.6461 Close() called when open

DEBUG [SecureSocket]   : FTPConnection.6461 OnHandshakeComplete(False,handshake_failure(40))

DEBUG [SecureSocket]   : FTPConnection.6461 OnHandshakeComplete - waiting for lock

DEBUG [SecureSocket]   : FTPConnection.6461 OnHandshakeComplete - in lock

DEBUG [SecureSocket]   : FTPConnection.6461 OnHandshakeComplete - exiting lock

DEBUG [SecureSocket]   : FTPConnection.6461 OnHandshakeComplete - exit

Answer 1

The most likely causes of this error are:

1. The server and client do not have any common cipher suites enabled
2. The server does not support the TLS version
3. The server certificate is self signed or does not match the hostname
4. Firewall blocking connection. The error: "ERROR [SocketController]   : FTPConnection.6461 OnReceive - caught exception - closing" is very often a firewall intervening and blocking the connection

Solution:
Check with the server admin whether they support your version of TLS, and that both the client and server have at least one compatible cipher. Check the server certtificate is valid. You can also check whether the server allows you as the user to use the FTPS protocol?

If you still experience difficulties you will need to open a support ticket here - please make sure that your support agreement is up to date and valid.

Comments

3.I have used ftpConnection.ServerValidation = SecureFTPServerValidationType.AutomaticNoNameCheck;
4.Filezilla connection test is OK

I will try to confirm the 1&2

The same server can be connected using version 9.9.0.
So, between versions 9.9.0 and 12.1.1.0, have we discontinued support for any cipher suites or TLS version?

---

Please check our version history, because we are now at version 12.2.1. Details of the relevant changes are shown in that list.

https://enterprisedt.com/products/edtftpnetpro/doc/manual/html/history.html