Fatal error 'HandshakeFailure' has been reported by the remote connection end

0 votes
asked Jun 29, 2016 by Nico (120 points)

Trying to review your product but cannot connect to my ftp server :(
What could be the problem?

Thanks

2016-06-29 13:08:46.400 Opening log file.
2016-06-29 13:08:46.400 Using FileLogWriter version 2.0.5885.0.
2016-06-29 13:08:46.438 INFO Ftp(1)[9] Info: Connecting to localhost:39248 using Ftp 4.0.5885.0 (trial version).
2016-06-29 13:08:46.439 INFO Ftp(1)[9] Info: Using proxy none.
2016-06-29 13:08:46.458 DEBUG Ftp(1)[9] Info: Connection succeeded.
2016-06-29 13:08:46.673 INFO Ftp(1)[9] Response: 220 FTP (glFTPd 2.06.2 (Feb 17 2016) 64BiT Linux+TLS(OpenSSL 1.0.1k 8 Jan 2015)+SSP) ready.
2016-06-29 13:08:46.677 INFO Ftp(1)[9] Command: AUTH TLS
2016-06-29 13:08:46.814 INFO Ftp(1)[9] Response: 234 AUTH TLS successful
2016-06-29 13:08:46.815 DEBUG Ftp(1)[9] Info: Upgrading control connection to TLS/SSL.
2016-06-29 13:08:46.830 INFO Ftp(1)[9] TLS: State StateChange:Negotiating
2016-06-29 13:08:46.830 DEBUG Ftp(1)[9] TLS: HandshakeMessage:ClientHello was sent.
2016-06-29 13:08:46.970 INFO Ftp(1)[9] TLS: Alert Alert:Alert was received.
2016-06-29 13:08:46.973 DEBUG Ftp(1)[9] TLS: Error while processing TLS packet: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
à Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.OP()
2016-06-29 13:08:46.974 INFO Ftp(1)[9] TLS: Alert Alert:Alert was sent.
2016-06-29 13:08:46.974 INFO Ftp(1)[9] TLS: State StateChange:Closed
2016-06-29 13:08:46.975 DEBUG Ftp(1)[9] TLS: Closing TLS socket.
2016-06-29 13:08:46.977 ERROR Ftp(1)[9] Info: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
à Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.OP()
--- Fin de la trace de la pile d'exception interne ---
à Rebex.Net.UAI.OP()
à Rebex.Net.UAI.JP()
à Rebex.Net.TlsSocket.Negotiate()
à Rebex.Net.QCI.EW(TlsParameters U)
à Rebex.Net.Ftp.VS(TlsParameters U, FtpSecureUpgradeType W)
à Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)
--- Fin de la trace de la pile d'exception interne ---
à Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)

Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Jul 1, 2016 by Lukas Pokorny (87,030 points)

This looks like the server rejected the client's attempt to negotiate a TLS/SSL session when it received the client's initial TLS/SSL packet.

Unfortunately, this makes it impossible to tell why based on the client-side log alone. Possible cause includes a lack of common algorithms.

  • Do you have access to the server log? If you do, does it contain any additional information?
  • Are you able to connect using any third-party FTP/SSL client? If you are, would it be possible to create a communication log using a network protocol analyzer such as Wireshark and mail it to us for analysis? That should make it possible to determine what is going on. If you need any help with Wireshark, let us know.
commented Aug 10, 2016 by Nico (120 points)
Hi, i tried with Wireshark but it's impossible for me... too hard... i am using Glftpd as a server. Flashfxp works fine with it for example.
commented Aug 10, 2016 by Lukas Pokorny (87,030 points)
Is there any glFTPd server accessible from the Internet where we could reproduce this issue? We don't need any username or password - the error occurs before authentication. If there is, please send us its address to support@rebex.net. If we could reproduce this, there is a high chance we would be able to solve it as well.
commented Aug 10, 2016 by Nico (120 points)
Well, i just tried an other glftpd server. It worked but seems this one is less restrictive on the cipher list. So i guess this cipher is not implemented: ECDHE-ECDSA-AES256-GCM-SHA384
commented Aug 10, 2016 by Lukas Pokorny (87,030 points)
You are right, elliptic-curve-based ciphers such as this one are not supported yet, although we plan to add them soon. Demand for them will most likely grow in the future.
commented Mar 22 by Lukas Pokorny (87,030 points)
All Rebex components that use TLS/SSL or SSH now support elliptic curve algorithms, cetrificates and ciphers. For additional information, see Elliptic Curve Cryptography HOWTO at http://www.rebex.net/kb/elliptic-curve-plugins/default.aspx
commented Oct 31 by Lukas Pokorny (87,030 points)
Support for AES/GCM ciphers including ECDHE-ECDSA-AES256-GCM-SHA384 has been added in Rebex FTP/SSL 2017 R6: https://www.rebex.net/ftp-ssl.net/history.aspx#2017R6
...