FTP SSL operates in two modes.  Explicit SSL - where the FTP Client issues
the AUTH command on the clear command channel, which results in the server
and client performing the SSL handshake to secure the channel.  The other
mode is Implicit SSL - the SSL handshake is done as soon as the Client to
Server connection is established.  Explicit FTP SSL usually defaults to Port
21 whereas Implicit FTP SSL defaults to Port 990.

With the Curl FTP Client you should be able to connect to the server either
in Explicit or Implicit SSL mode, assuming the server supports both modes.

With OpenSSL s_client you may be limited to only Implicit SSL; in which case
you will need to specify the 990 port at the command line.

- sp panikulam
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of oh...@cox.net
Sent: Sunday, November 01, 2009 9:47 PM
To: openssl-users@openssl.org
Subject: Re: openssl s_client and FTPS


---- oh...@cox.net wrote: 
> Hi,
> 
> We're having problems connecting to an FTP server using FTPS (not sftp),
> and to diagnose the problem, we've been using cURL with openssl.  The server
> is IBM Z/OS FTP server.
> 
> When we test with cURL, we are getting:
> 
> Info SSLV3, TLS handshake, Client hello (1) Send SSL Data, 95 bytes (0x5f) =====hex data=======
> Info: SSLV?, Unknown (2)
> Send SSL data, 2 bytes
> 0000: 02 46
> Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number
> 
> From various searches, I've gathered that this kind of problem is not
> uncommon (but I've not found a solution), but I'm also gathering that what
> is happening is that openssl is returning some error to cURL.
> 
> So, I've been trying to see if I use "openssl s_client" by itself, and if
> openssl might provide more info on what the actual problem might be.
> 
> From what I understand, "openssl s_client -starttls ftp" should work, but
> when we tried it on our system (RHEL) we got a segfault.  We checked the
> openssl version, and it's 0.9.7a, which I understand is a really old
> version, so we're going to try to get a newer openssl version on the system.
> 
> In the meantime, I wanted to elicit some feedback as to whether, in the
> experience of others here, if we can get "openssl s_client -starttls ftp"
> working, will that yield more info that might help us figure out what the
> problem might be?
> 
> Thanks in advance!
> 
> Jim
> 


Hi,

We're kind of guessing that what might be happening is that some firewall or
network device between our client machine and the Z/OS FTP machine is
causing the server response to the client HELLO to not be returned.

Does anyone know, if that is what might be happening, if that would cause
openssl to output what we're seeing, i.e. if openssl doesn't receive a
response to the client HELLO, will it display:

Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number 

??

Thanks,
Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
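
The two FTPS modes described at the top of this thread can be told apart by listening before sending anything: an explicit-mode port greets with a clear-text FTP reply, while an implicit-mode port stays silent until it receives a ClientHello. The sketch below is an added example, not code from the thread or from OpenSSL or cURL; the function names are hypothetical, the `AUTH TLS` command and `234` reply code are taken from RFC 4217, and the demo uses a constructed socket pair in place of a real server.

```python
import socket

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a server sent on a new connection."""
    if len(data) >= 3 and data[0] in TLS_CONTENT_TYPES and data[1] == 0x03:
        return "tls-record"   # record header: content type, then version major 3
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "ftp-reply"    # three-digit code, then space or '-' (multi-line)
    return "unknown"


def probe_mode(sock: socket.socket, wait: float = 2.0) -> str:
    """Listen before sending anything and infer which FTPS mode the port uses."""
    sock.settimeout(wait)
    try:
        data = sock.recv(512)
    except socket.timeout:
        # No greeting: consistent with implicit mode (server waits for a
        # ClientHello), but a device dropping traffic looks the same.
        return "silent"
    if not data:
        return "closed"       # peer closed the connection without a greeting
    kind = classify_first_bytes(data)
    return "explicit" if kind == "ftp-reply" else kind


def request_tls(sock: socket.socket) -> bool:
    """Explicit mode: send AUTH TLS in the clear; 234 means begin the handshake."""
    sock.sendall(b"AUTH TLS\r\n")
    return sock.recv(512).startswith(b"234")


if __name__ == "__main__":
    # Constructed demo: a socketpair stands in for the client/server connection.
    server, client = socket.socketpair()
    server.sendall(b"220 constructed FTP banner\r\n")
    print(probe_mode(client, wait=0.5))
    server.sendall(b"234 constructed AUTH reply\r\n")
    print(request_tls(client))
```

A client that starts the TLS handshake immediately on a port where `probe_mode` reports `explicit` will have the clear-text greeting handed to its TLS record parser, which is one way a handshake can fail before any certificate is exchanged.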
