RE: PROT P Required - FTP over SSL (Implicit)

Dec 29, 2009 at 11:21 PM

Hello,

Let me start by thanking you for Alex FTPS Client.

I went over the previous discussion on this topic but I had few specific question which I could not find answer to.

When I try to connect to my customers server I get the following error : "PROT P required"  at this line client.GetFile("/example1.txt", Path & "\" & filename)

 

Here is my code (vb.net) -

---------------------------------------------

Shared Function myCertificateValidation(ByVal sender As Object, ByVal certificate As X509Certificate, ByVal chain As X509Chain, ByVal sslPolicyErrors As SslPolicyErrors) As Boolean
    
        Return True

        'If sslPolicyErrors = sslPolicyErrors.None Then
        '    Return True
        'End If
        'Dim S As X509ChainStatus

        'For Each S In chain.ChainStatus
        '    If (String.Equals(S.Status.ToString(), "NotTimeValid", StringComparison.OrdinalIgnoreCase)) Then
        '        Return True
        '    Else
        '        Return False
        '    End If

        'Next
    End Function

 

Private Shared Function useFTPTransfer(ByVal autoSessionID As Integer, ByVal MySchoolID As Integer, ByVal FTPURL As String, ByVal Path As String, ByVal filename As String, ByVal userName As String, ByVal password As String) As String

  Dim client As New FTPSClient()

client.Connect("www1.emmanuel.edu", New NetworkCredential("oceuser", "emmanuel"), ESSLSupportMode.Implicit Or ESSLSupportMode.DataChannelRequested, New RemoteCertificateValidationCallback(AddressOf myCertificateValidation))

client.GetFile("/example1.txt", Path & "\" & filename)

End Function

 

Here is what I got when I tested my customer's server on www.g6ftpserver.com.

I can't connect using SSL Explicit so I use SSL Implicit.

 

* About to connect() to xxxxxxxxxxx port 990
* Trying xxxxxxxxxxx .. connected
* Connected to xxxxxxxxxxx port 990
* successfully set certificate verify locations:
* CAfile: d:\www-bin\curl\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
 
< 220-FileZilla Server version 0.9.33 beta


> USER oceuser
< 331 Password required for abcd
> PASS *****
< 230 Logged on

> PBSZ 0
< 200 PBSZ=0

> PWD
< 257 "/" is current directory.
* Entry path is '/'

> CLNT Testing from http://www.g6ftpserver.com/ftptest from IP yyyyyyyyyyyyyyyy
< 200 Don't care

> FEAT
< 211-Features:
< MDTM
< REST STREAM
< SIZE
< MLST type*;size*;modify*;
< MLSD
< AUTH SSL
< AUTH TLS
< UTF8
< CLNT
< MFMT
< 211 End

> PASV
* Connect data stream passively
< 227 Entering Passive Mode (xxxxxxxxxxxxxx)
* Trying xxxxxxxxxxxxxx).. connected
* Connecting to xxxxxxxxxxxxxx) port 29005

> TYPE A
< 200 Type set to A

> LIST
< 550 PROT P required
* RETR response: 550
* Connection #0 to host  xxxxxxxxxxxxxx left intact


> QUIT
< 221 Goodbye
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

 

As I mentioned before that I went over the previous discussion on this topic, so I am going to quote that.

 

>> SslDataChannelCheckExplicitEncryptionRequest() method (thus forcing PROT P to be sent) the upload was successful.

Being an entry level developer I could not really comprehend what is going on here. Can you please suggest me a simpler way ( more articulate code snippet) to "force PROT P", or may be you can provide the switch your were talking about (if its done.) ?

>>What's interesting is that FileZilla has an option saying "Force PROT P to encrypt file transfers in SSL/TLS mode". When this is disabled, the Implicit  SSL FTP communication times out!

To be honest I really wanna solve this through code but if there is no other option then I can ask my customer to enable this option. Will this work ?

My boss is hounding me like you would not believe. LOL.

Hope to hear from you soon.

 

Thank you.

 

 

 

 

 

 

 

 

Coordinator
Dec 29, 2009 at 11:29 PM
Edited Dec 29, 2009 at 11:30 PM

Hi,

well, "PROT P" is an explicit FTPS command. Did you already try to issue an explicit connection on port 990 instead of implicit?

If this doesn't work, the "SslDataChannelCheckExplicitEncryptionRequest()" workaround is the way to go.

 

Cheers,

Alessandro Pilotti

[MVP / IIS]

 

 

Dec 29, 2009 at 11:41 PM

Alessandro,

 

Thanks for the fast reply.

>> well, "PROT P" is an explicit FTPS command. Did you already try to issue an explicit connection on port 990 instead of implicit?

 

Yes, instead of ESSLSupportMode.Implicit, I tried ESSLSupportMode.CredentialsRequired ( Am I right in  guessing that  this make is explicit by default ?).

I just saw your source code and now I know what the earlier code was referring to.

I am going to look into it right now.

 

Thank you.