1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to? Does FTP.CFG only support SSL over port 21? (Newbie)

Discussion in 'Support' started by Brian Woodward, Jul 7, 2017.

  1. Brian Woodward

    Joined:
    Sep 26, 2013
    Messages:
    3
    Likes Received:
    0
    I've created a script.btm file for testing this, it appears that only port 21 supports SSL connections is this true?
    If this the case will other ports be possible in future releases, or is there a better way of doing this?

    script.btm took some time to create but I can't upload it, assistance would be appreciated.

    I'd expect Examples 4 / 5 to transfer data but I'm getting:
    error during handshake[2]: 0x80090308
     
    #1 Brian Woodward, Jul 7, 2017
    Last edited: Jul 7, 2017
  2. Brian Woodward

    Joined:
    Sep 26, 2013
    Messages:
    3
    Likes Received:
    0
    :: Apologies - Code below:
    @echo off
    :: FTP.CFG examples - Does FTP.CFG only support SSL over port 21? Appears so from these examples...
    echo ##
    echo ## Testing FTP.CFG without/with SSL over different ports
    echo ##
    echo NOTE: (A) Results when FTP user account allows insecure FTP...
    echo (B) Results when FTP user account Forces SSL 'Force SSL for user login' - FileZilla Server
    echo.
    echo.
    set tccfile="C:\Program Files\JPSoft\TCMD20\FTP.CFG"
    set ftpsite=<FTP SERVER>
    set ftpport=990
    set username=<USERNAME>
    set password=<PASSWORD>
    set ftpFile=test.txt
    echo creating %tccfile%
    echo %ftpsite% (customerbackups) %username% %password% > %tccfile%

    :: create mockup file to transfer
    echo test > %ftpFile%

    :: useful when using a port sniffer, examine one example at a time..
    :: set do_one=1 to only do one example, with appropriate goto...
    set do_one=0
    ::goto example4

    echo.
    :example1
    echo example 1: Simple FTP
    echo ---------
    set ftp_protocol=FTP
    copy "%ftpFile" %ftp_protocol://customerbackups/DBbackups/
    echo.
    echo (A) sends data over port 21 - insecure, this seems correct.
    echo (B) fails if Force SSL login enabled for user, this seems correct.
    echo.
    if "%do_one"="1" quit

    :example2
    echo example 2: using FTPS protocol
    echo ---------
    set ftp_protocol=FTPS
    copy "%ftpFile" %ftp_protocol://customerbackups/DBbackups/
    echo.
    echo (A) sends data over port 21 using TLS, this seems correct.
    echo (B) sends data over port 21 using TLS, this seems correct.
    echo.
    if "%do_one"="1" quit

    :example3
    echo example 3: using FTP on port 990
    echo ---------
    set ftp_protocol=FTP
    copy "%ftpFile" "%ftp_protocol://customerbackups:990/DBbackups/"
    echo.
    echo (A) Sends data over port 990, insecure
    echo (B) FTP protocol error: 530 TLS required "FTP://customerbackups:990/DBbackups/", seems correct
    echo.
    if "%do_one"="1" quit

    :example4
    echo example 4: using FTPS on port 990
    echo ---------
    set ftp_protocol=FTPS
    copy "%ftpFile" %ftp_protocol://customerbackups:990/DBbackups/
    echo (A) Sends data over port 990 error during handshake[2]: 0x80090308 "FTPS://customerbackups:990/DBbackups"
    echo (B) Sends data over port 990 error during handshake[2]: 0x80090308 "FTPS://customerbackups:990/DBbackups"
    echo port sniffer shows: 500 Syntax error, command unrecognized.
    echo.
    if "%do_one"="1" quit

    :example5
    echo example 5: using FTPS on port 20
    echo ---------
    set ftp_protocol=FTPS
    copy "%ftpFile" %ftp_protocol://customerbackups:20/DBbackups/
    echo (A) error during handshake[2]: 0x80090308 "FTPS://customerbackups:20/DBbackups"
    echo (B) error during handshake[2]: 0x80090308 "FTPS://customerbackups:20/DBbackups"
    echo.
    if "%do_one"="1" quit

    :example6
    echo example 6: using FTPS on port 990 - changing FTP.CFG (port needed in there?)
    echo ---------
    echo changing FTP.CFG and addding port %ftpport% - just incase FTP.CFG requires the port!!
    echo %ftpsite%:%ftpport% (customerbackups) %username% %password% > %tccfile%

    set ftp_protocol=FTPS
    copy "%ftpFile" %ftp_protocol://customerbackups/DBbackups
    echo (A) errors with: Host not found "ftp.axitech.co.uk:990"
    echo (B) errors with: Host not found "ftp.axitech.co.uk:990"
    echo.
     
  3. rconn

    rconn Administrator
    Staff Member

    Joined:
    May 14, 2008
    Messages:
    9,869
    Likes Received:
    83
    FTP.CFG only saves the user name and password, not the port.

    If you need to specify the port, you have to explicitly specify it in the FTP site name.
     
  4. Brian Woodward

    Joined:
    Sep 26, 2013
    Messages:
    3
    Likes Received:
    0
    Thanks for the quick response, example 4 uses the specific port 990, and example 5 uses port 20.
    The file alias in my example is customerbackups
    So, using:
    copy file.txt ftp://customerbackups:21/DBbackups works,
    But,
    copy file.txt ftp://customerbackups:990/DBbackups doesn't work. Even though the username / password in FTP.CFG is correct.
    I get the error code: error during handshake[2]: 0x80090308
    The port sniffer shows the error message:
    500 Syntax error, command unrecognized.
     
  5. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,970
    Likes Received:
    30
    Here, ftps (SSL on port 21) works. Lucky.syr.edu listens on port 990 and that port is OK with the firewall. When I try port 990 I get these.
    Code:
    v:\> dir ftp://lucky.syr.edu:990/4plugins
    
    TCC: Timeout. "ftp://lucky.syr.edu:990/4plugins"
    TCC: Timeout. "ftp://lucky.syr.edu:990/4plugins"
    TCC: (Sys) The system cannot find the file specified.
     "ftp://lucky.syr.edu:990/4plugins"
                       0 bytes in 0 files and 0 dirs
    
    v:\> iftp /v ftp://lucky.syr.edu:990/4plugins
    Connecting to FTP server.
    Connected.
    TCC: Timeout. "lucky.syr.edu"
    
    v:\> 
    The three timeouts above are 180 seconds (!) each. Note that there's two timeouts in the first example and one in the second example.
    The server's log shows entries like this.
    Code:
    [02] Mon 10Jul17 12:24:11 - (001818) Connected to 72.230.84.149 (local address 128.230.13.36, port 990)
    [03] Mon 10Jul17 12:24:11 - (001818) IP-Name: alt.vefatica.net (72.230.84.149)
    [02] Mon 10Jul17 12:27:11 - (001818) Unable to establish SSL connection (CLIENT ERROR: Client may have rejected the SSL certificate.  Ensure the SSL certificate has been issued by a certificate authority.)
    [02] Mon 10Jul17 12:27:11 - (001818) Closed session
    Sniffing shows only IP handshaking ... not enough data for any certificate to have been sent. And the certificate works fine with ftps.
     
  6. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,970
    Likes Received:
    30
    This does work.
    Code:
    dir ftps://lucky.syr.edu:990/4plugins
    It works implicitly (no "AUTH TLS") as it should, and it uses port 990.
     
  7. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,970
    Likes Received:
    30
    What is the unrecognized command? You should be able to see it with the sniffer.
     

Share This Page