What does this error mean - Rebex.Net.TlsException: Fatal error 'I' has been reported by the remote connection end

+1 vote
asked Sep 13, 2016 by ravin.sankardayal (130 points)
Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Sep 13, 2016 by Lukas Pokorny (101,070 points)
edited Feb 10, 2017 by Tomas Knopp

Update: This turned out to occur in older version of Rebex components because the server only allows clients that support Renegotiation Indication Extension. Support for RIE has been released as part of Rebex components 2017R1.There is a hotfix available for this - contact support@rebex.net if you need it. We will add support for this extension in one of the next releases.


Rebex FTP/SSL 2014 R1 and some earlier versions had a bug that caused unreadable alert names to be reported in this particular TlsException message. This has been fixed in Rebex FTP/SSL 2014 R2:

  • SSL: Fixed alert names in TlsException messages.

If possible, upgrade to the latest version of Rebex FTP/SSL to get more meaningful error messages. Otherwise, please create a communication log and post it here (or send it to support@rebex.net) - we might be able to determine what is going on.

commented Sep 13, 2016 by ravin.sankardayal (130 points)
edited Sep 13, 2016 by ravin.sankardayal
I've upgraded to FTP/SSL 2014 R2 and now I am getting "Fatal error 'HandshakeFailure' has been reported by the remote connection end". I tried filezilla and it connecting the sftp site. Also the sftp server is using an SSL cert, I am testing using your "Simple Winform FTP Client". Your FTP client is not prompting me to accept the SSL cert or is it done automatically.
commented Sep 13, 2016 by Lukas Pokorny (101,070 points)
Would it be possible to try the current release, 2016 R2.2? We made several compatibility enhancements in our TLS 1.2 implementation since 2014. Previously, some incompatibilities resulted in HandshakeFailure was errors.
commented Sep 13, 2016 by Lukas Pokorny (101,070 points)
Simple Winform FTP Client sample validates certificates using Windows CryptoAPI and it only prompts when this validation fails. This means that there is no prompt when connecting to a server that uses a certificate issued by one of the trusted certification authorities. (This default behavior can be changed - see http://www.rebex.net/ftp-ssl.net/features/tls-ssl.aspx#custom-certificate-validation for details.)
commented Sep 13, 2016 by ravin.sankardayal (130 points)
edited Sep 13, 2016 by ravin.sankardayal
I download and try release, 2016 R2.2 and I am getting the same error "Debug TLS: Error while processing TLS packet: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end". This used to work ver 2013 R2, it stop working when the company changed the SSL cert on the FTP server with SHA256 algorithm, not too sure if this has an impact.
commented Sep 14, 2016 by Lukas Pokorny (101,070 points)
edited Mar 22, 2017 by Lukas Pokorny
Could you please try connecting with TLS 1.2 disabled and TLS 1.1 enabled? FtpWinFormClient sample has a setting for that.

Certificates with SHA-256 algorithms have been supported for a long time, although not fully on all platforms (this has been improved). However, 2016 R1 enables TLS 1.2 by default, which again might break compatibility with some servers.

Also, the certificate might be using elliptic curve algorithm - these are supported since 2017 R2, but need plugins on some platforms. See Elliptic Curve Cryptography HOWTO for details: http://www.rebex.net/kb/elliptic-curve-plugins/
commented Sep 14, 2016 by Lukas Pokorny (101,070 points)
If the server runs on a publicly accessible address, could you please share it with us at support@rebex.net? If we were able to reproduce this issue ourselves, we might be able to fix it quickly. (No credentials are needed - the error occurs in TLS negotiation, which takes place before authentication).
...