cURL / Mailing Lists / curl-library / Single Mail

curl-library

implicit SSL with FileZilla server Unknown SSL protocol error 1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

From: Ken Hirsch <kenhirsch_at_ftml.net>
Date: Wed, 26 Nov 2008 17:11:34 -0500

There have been reports of this error when using curl with FileZilla server:
  error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
or, more generally,
  Unknown SSL protocol error

(e.g. http://curl.haxx.se/mail/lib-2008-01/0338.html and following).

I'd like to clarify that this is the same problem that has been reported
for FileZilla server when using implicit SSL. FileZilla server assumes
that the data channels are, by default, in clear mode.

One workaround is to use explicit SSL on the server. Another workaround
is to force curl to use a 'PROT P' command--for example, using
   -Q 'PROT P'
on the command line. This does
   curl_easy_setopt(curl, CURLOPT_SOURCE_QUOTE, ...);
in libcurl. For the record, -Q '+PROT P' did not work; apparently the
command is sent too late.

In 2007 there was some talk on this list of always sending a PROT
command after a PBSZ, even in implicit SSL mode. I think this would be a
good idea. We communicate with 4 other customers that use FTPS and our
communication with their servers continued to work after I added a 'PROT
P' command to them. I'm not sure what software they use, but it's not
FileZillas Server and I know that they are not all the same software.

Ken Hirsch
Received on 2008-11-26