Jump to content
drazde

Error 425, when put file on ftp server with SSL connection

Recommended Posts

I have the 8.58 version of ICS.

I must connet to a server with SSL protocol (sslTypeAuthTls); le connection works, but when I try to transfer a file I give this error:

Error 425 Can't open data connection

I'm not behind a firewall.

If I try to send a file with FileZilla it works

 

UPDATE: with sslTypeAuthTls I also connect, but I have the error 522

 

Thanks in advance

Edited by drazde

Share this post


Link to post

Make sure you are using passive mode, necessary for SSL.  I transfer hundreds of files a day using SSL FTP between my office and hosted servers, ICS tools at both ends.  

 

Angus

 

Share this post


Link to post
1 hour ago, Angus Robertson said:

Make sure you are using passive mode, necessary for SSL.  I transfer hundreds of files a day using SSL FTP between my office and hosted servers, ICS tools at both ends.  

 

Angus

 

Hi,

I also use passive mode (and I also disable the windows firewall...)

 

I use try also with the sample OverbyteIcsSslFtpTst and I do the following step

1. set host, password....

2. set SSL Type (TLS or SSL)

3. connect (and works)

4. put a file.... and doesn't work, the server give me error 425, I find a file on the FTP but it is empty 😞

 

I try also doing Pbsz and Prot before put the file but without success

 

Probably I missing something but I can't underestand what

Edited by drazde

Share this post


Link to post

Try using the new sample OverbyteIcsXferTst.dpr added in V8.60, it uses the new TIcsFtpMulti component that hides most of the FTP protocol from you, just allowing you to download or upload multiple files.

 

Angus

Share this post


Link to post
16 hours ago, Angus Robertson said:

Try using the new sample OverbyteIcsXferTst.dpr added in V8.60, it uses the new TIcsFtpMulti component that hides most of the FTP protocol from you, just allowing you to download or upload multiple files.

 

Angus

OK, I update the version of ICS at 8.61.

 

With OverbyteIcsSslFtpTst sample I have the same problem, but with OverbyteIcsXferTst I can copy the files.

 

Ok for many aspects FtpMultiClient is less complex but i must change many rows of my code!

I'd rather use TSslFtpClient... but if I can't I will use FtpMultiClient

Share this post


Link to post

TIcsFtpMulti uses TSslFtpClient, look at the log of commands it uses to see what it is doing that you missed in your application. Sorry, wrote it over 10 years ago although only recently added to ICS, can not  remember the tricks it uses.

 

If you want to keep it simple, FtpDownOneFile and FtpUpOneFile just do one file without any indexing.

 

Angus

 

Share this post


Link to post
24 minutes ago, Angus Robertson said:

TIcsFtpMulti uses TSslFtpClient, look at the log of commands it uses to see what it is doing that you missed in your application. Sorry, wrote it over 10 years ago although only recently added to ICS, can not  remember the tricks it uses.

 

If you want to keep it simple, FtpDownOneFile and FtpUpOneFile just do one file without any indexing.

 

Angus

 

Ok, thanks for all!

I saw the comands in the log, I must follow the command like you tell.

 

If TIcsFtpMulti uses TSslFtpClient the is something I have miss!

 

 

Share this post


Link to post

[SOLVED]

 

I found where was the problem.

The client don't use the cached SSL session! so the server reject the transfer

 

This was the log on the tls.log

2019-07-05 09:41:54,739 mod_tls/2.6[26250]: starting TLS negotiation on data connection
2019-07-05 09:41:54,745 mod_tls/2.6[26250]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2019-07-05 09:41:54,745 mod_tls/2.6[26250]: unable to open data connection: TLS negotiation failed

 

I set the property SslSessionCacheModes with sslSESS_CACHE_CLIENT

And now it works, It transfer the file!

 

Edited by drazde

Share this post


Link to post

Pleased you got it working.  Session caching is poorly documented in ICS, all written by a previous developer and I don't really understand it. 

 

But the new high level components I've added in the last couple of years like TIcsFtpMulti, TSslHttpRest and IcsHosts for servers, handle most the SSL implementation like SSL context and session caching, so the application does not need to worry about it, and that's why TIcsFtpMulti worked.

 

Angus

 

 

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×