Re: implicit SSL with FileZilla server Unknown SSL protocol error 1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Date: Thu, 27 Nov 2008 13:41:16 +0100 (CET)
On Wed, 26 Nov 2008, Ken Hirsch wrote:
> In 2007 there was some talk on this list of always sending a PROT command
> after a PBSZ, even in implicit SSL mode. I think this would be a good idea.
> We communicate with 4 other customers that use FTPS and our communication
> with their servers continued to work after I added a 'PROT P' command to
> them. I'm not sure what software they use, but it's not FileZillas Server
> and I know that they are not all the same software.
Right, I think for implicit FTPS that can be a sensible approach. The only
little "problem" here is that someone needs to stup up and write the code for
it... I think we just have to give up assuming to know how the data connection
is to be done on implicit FTPS.
The RFC4217 also has the following to say about PROT:
the PROT command MUST be preceded by a PBSZ command,
and a PBSZ command MUST be preceded by a successful security data
exchange (the TLS negotiation in this case)
But since we're talking implicit FTPS here it is from the pre-RFC4217 days so
this RFC shouldn't be taken too literally.
Doesn't setting CURLOPT_USE_SSL option to CURLUSESSL_ALL also "fix" the
-- / daniel.haxx.seReceived on 2008-11-27