curl-and-python

RE: Connection Problems with FTPS

From: Jonathan Hutcherson <jhutcherson_at_vikus.net>
Date: Thu, 12 May 2005 17:41:38 -0400

 
>
> > It seems that when we run cURL it never receives or replies to the
> > welcome message which is issued by the server (which we checked, and
> > the server is sending).
>
> Yes, since the negotiation of the SSL layer doesn't succeed
> in libcurl's end (and I am quite surprised that the server
> thinks it is OK and continues fine).
> We know that from the error message you've shown.
>
> FileZilla obviously succeeds in that negotiation.
>
> Your trace didn't show much detail on that though, and I'm
> not even sure if more details would've helped me much.

We have narrowed down the issue in OpenSSL. It seems that if one
issues:

    OpenSSL.exe s_client -connect ftp.myserver.com:990

then we get the error that we've been getting. A workaround is to
issue:

    OpenSSL.exe s_client -connect ftp.myserver.com:990 -ssl2

According to the OpenSSL man page for s_client:

-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1
    these options disable the use of certain SSL or TLS protocols. By
    default the initial handshake uses a method which should be
    compatible with all servers and permit them to use SSL v3, SSL v2 or
    TLS as appropriate. Unfortunately there are a lot of ancient and
    broken servers in use which cannot handle this technique and will
    fail to connect. Some servers only work if TLS is turned off with
    the -no_tls option others will only support SSL v2 and may need the
    -ssl2 option.

How can we make the initial handshake use this option (in other words,
how can we make the handshake use ssl2)?

_______________________________________________
http://cool.haxx.se/mailman/listinfo/curl-and-python
Received on 2005-05-12