Please note that VisualCron support is not actively monitoring this community forum. Please use our contact page for contacting the VisualCron support directly.


c3rberus
2016-07-15T00:40:15Z
Hello,

We are evaluating VisualCron as a FTP automation program but I am having a very hard time getting some stuff to work.

I have a "FTP/FTPS/SFTP/SCP" task connecting to a FTP site, it is setup as..

Protocol Type: FTP TLS Explicit (AUTH TLS)
Authentication type: Password
Channel encryption:
Use data channel encryption (PROT P)
Use command channel encryption

When I connect to my site and try to "upload" a file, I get the following error..

Quote:


220-FileZilla Server 0.9.56 beta
220-written by Tim Kosse (tim.kosse@filezilla-project.org)
220 Please visit https://filezilla-project.org/ 

AUTH TLS
234 Using authentication type TLS

USER xxxx
331 Password required for xxxx

PASS ********
230 Logged on

PBSZ 0
200 PBSZ=0

PROT P
200 Protection level set to P

FEAT
211-Features:
MDTM
REST STREAM
SIZE
MLST type*;size*;modify*;
MLSD
AUTH SSL
AUTH TLS
PROT
PBSZ
UTF8
CLNT
MFMT
EPSV
EPRT
211 End

PBSZ 0
200 PBSZ=0

PROT P
200 Protection level set to P

SYST
215 UNIX emulated by FileZilla

PWD
257 "/" is current directory.

PWD
257 "/" is current directory.

TYPE A
200 Type set to A

PASV
227 Entering Passive Mode (12,206,202,114,195,131)

MLSD
150 Opening data channel for directory listing of "/"

450 TLS session of data connection has not resumed or the session does not match the control connection



The error I am getting is "450 TLS session of data connection has not resumed or the session does not match the control connection" and I have no idea what to do. I've tried a mix of settings on the FTP connection without luck. If I "uncheck "Use data channel encryption (PROT P)" then the upload complains about not doing "PROT P" and the upload does not work.

I am stuck, anyone able to help us out? We really need this to work to proceed with this software.

Thank you.
Sponsor
Forum information
c3rberus
2016-07-15T00:47:25Z
Also I can use a program like FileZilla and connect to the ftp site and successfully upload a file just fine. Below is the debug log from FileZilla when this works.

Anyone able to help me out?

17:46:03 Status: Resolving address of xxx
17:46:03 Status: Connecting to xxx:21...
17:46:04 Status: Connection established, waiting for welcome message...
17:46:04 Response: 220-FileZilla Server 0.9.56 beta
17:46:04 Response: 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
17:46:04 Response: 220 Please visit https://filezilla-project.org/ 
17:46:04 Command: AUTH TLS
17:46:04 Response: 234 Using authentication type TLS
17:46:04 Status: Initializing TLS...
17:46:04 Trace: TLS Handshake successful
17:46:04 Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
17:46:04 Status: Verifying certificate...
17:46:04 Status: TLS connection established.
17:46:04 Command: USER xxx
17:46:04 Response: 331 Password required for xxx
17:46:04 Command: PASS ****************
17:46:04 Response: 230 Logged on
17:46:04 Command: PBSZ 0
17:46:04 Response: 200 PBSZ=0
17:46:04 Command: PROT P
17:46:04 Response: 200 Protection level set to P
17:46:04 Status: Logged in
17:46:04 Trace: Measured latency of 42 ms
17:46:04 Status: Starting upload of C:\TEST\test.txt
17:46:04 Command: CWD /
17:46:04 Response: 250 CWD successful. "/" is current directory.
17:46:04 Command: TYPE A
17:46:04 Response: 200 Type set to A
17:46:04 Command: PASV
17:46:04 Response: 227 Entering Passive Mode (12,206,202,114,195,155)
17:46:04 Trace: Binding data connection source IP to control connection source IP 172.16.4.116
17:46:04 Command: STOR test.txt
17:46:04 Trace: Trying to resume existing TLS session.
17:46:04 Trace: TLS Handshake successful
17:46:04 Trace: TLS Session resumed
17:46:04 Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
17:46:04 Response: 150 Opening data channel for file upload to server of "/test.txt"
17:46:04 Response: 226 Successfully transferred "/test.txt"
17:46:04 Status: File transfer successful, transferred 0 bytes in 1 second
17:46:04 Status: Retrieving directory listing of "/"...
17:46:04 Command: TYPE I
17:46:04 Response: 200 Type set to I
17:46:04 Command: PASV
17:46:04 Response: 227 Entering Passive Mode (12,206,202,114,195,126)
17:46:04 Trace: Binding data connection source IP to control connection source IP 172.16.4.116
17:46:04 Command: MLSD
17:46:04 Trace: Trying to resume existing TLS session.
17:46:04 Trace: TLS Handshake successful
17:46:04 Trace: TLS Session resumed
17:46:04 Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
17:46:04 Response: 150 Opening data channel for directory listing of "/"
17:46:04 Response: 226 Successfully transferred "/"
17:46:04 Status: Directory listing of "/" successful.
c3rberus
2016-07-15T01:01:06Z
According to this article https://forum.filezilla-project.org/viewtopic.php?t=37495  this is a security feature that the client needs to implement.

Is this something that VisualCron does not support?

The ftp site we are connecting to is a bank, we cannot simply ask them to change their security protocols. Any help is appreciated.
al355
2016-07-15T11:13:24Z
We use Visual Cron to connect to FTPS (AUTH TLS) servers but am not aware of any which we use that require TLS session resumption
al355
2016-07-15T11:15:36Z
Have you tried using the FTP browser in Visual Cron? Worth checking first whether this works
Support
2016-07-15T14:37:25Z
We added the SSL resume option in Encryption settings of this build below. Please install, edit the Connection and check that option and let us know:

http://www.visualcron.co....aspx?g=posts&t=6772 
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
c3rberus
2016-07-18T00:10:54Z
Thanks for the build support, I downloaded and installed the latest build (great to see how easy it was to install a new build on top of existing setup!).

I tested this, in encryption settings I enabled "Use SSL session resumption" and it worked just fine without error.

This is looking great, we got a few more sites to test before we pull the trigger on this s/w.

Thanks, original issue is resolved with latest build.
Support
2016-07-18T06:25:53Z
Originally Posted by: c3rberus 

Thanks for the build support, I downloaded and installed the latest build (great to see how easy it was to install a new build on top of existing setup!).

I tested this, in encryption settings I enabled "Use SSL session resumption" and it worked just fine without error.

This is looking great, we got a few more sites to test before we pull the trigger on this s/w.

Thanks, original issue is resolved with latest build.



Great, thanks for the feedback!
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
Scroll to Top