Fatal error 'HandshakeFailure' has been reported by the remote connection end

Question

Trying to review your product but cannot connect to my ftp server :(
What could be the problem?

Thanks

2016-06-29 13:08:46.400 Opening log file.
2016-06-29 13:08:46.400 Using FileLogWriter version 2.0.5885.0.
2016-06-29 13:08:46.438 INFO Ftp(1)[9] Info: Connecting to localhost:39248 using Ftp 4.0.5885.0 (trial version).
2016-06-29 13:08:46.439 INFO Ftp(1)[9] Info: Using proxy none.
2016-06-29 13:08:46.458 DEBUG Ftp(1)[9] Info: Connection succeeded.
2016-06-29 13:08:46.673 INFO Ftp(1)[9] Response: 220 FTP (glFTPd 2.06.2 (Feb 17 2016) 64BiT Linux+TLS(OpenSSL 1.0.1k 8 Jan 2015)+SSP) ready.
2016-06-29 13:08:46.677 INFO Ftp(1)[9] Command: AUTH TLS
2016-06-29 13:08:46.814 INFO Ftp(1)[9] Response: 234 AUTH TLS successful
2016-06-29 13:08:46.815 DEBUG Ftp(1)[9] Info: Upgrading control connection to TLS/SSL.
2016-06-29 13:08:46.830 INFO Ftp(1)[9] TLS: State StateChange:Negotiating
2016-06-29 13:08:46.830 DEBUG Ftp(1)[9] TLS: HandshakeMessage:ClientHello was sent.
2016-06-29 13:08:46.970 INFO Ftp(1)[9] TLS: Alert Alert:Alert was received.
2016-06-29 13:08:46.973 DEBUG Ftp(1)[9] TLS: Error while processing TLS packet: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
à Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.OP()
2016-06-29 13:08:46.974 INFO Ftp(1)[9] TLS: Alert Alert:Alert was sent.
2016-06-29 13:08:46.974 INFO Ftp(1)[9] TLS: State StateChange:Closed
2016-06-29 13:08:46.975 DEBUG Ftp(1)[9] TLS: Closing TLS socket.
2016-06-29 13:08:46.977 ERROR Ftp(1)[9] Info: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
à Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
à Rebex.Net.UAI.OP()
--- Fin de la trace de la pile d'exception interne ---
à Rebex.Net.UAI.OP()
à Rebex.Net.UAI.JP()
à Rebex.Net.TlsSocket.Negotiate()
à Rebex.Net.QCI.EW(TlsParameters U)
à Rebex.Net.Ftp.VS(TlsParameters U, FtpSecureUpgradeType W)
à Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)
--- Fin de la trace de la pile d'exception interne ---
à Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)

Answer 1

This looks like the server rejected the client's attempt to negotiate a TLS/SSL session when it received the client's initial TLS/SSL packet.

Unfortunately, this makes it impossible to tell why based on the client-side log alone. Possible cause includes a lack of common algorithms.

• Do you have access to the server log? If you do, does it contain any additional information?
• Are you able to connect using any third-party FTP/SSL client? If you are, would it be possible to create a communication log using a network protocol analyzer such as Wireshark and mail it to us for analysis? That should make it possible to determine what is going on. If you need any help with Wireshark, let us know.

Comments

Hi, i tried with Wireshark but it's impossible for me... too hard... i am using Glftpd as a server. Flashfxp works fine with it for example.

---

Is there any glFTPd server accessible from the Internet where we could reproduce this issue? We don't need any username or password - the error occurs before authentication. If there is, please send us its address to support@rebex.net. If we could reproduce this, there is a high chance we would be able to solve it as well.

---

Well, i just tried an other glftpd server. It worked but seems this one is less restrictive on the cipher list. So i guess this cipher is not implemented: ECDHE-ECDSA-AES256-GCM-SHA384

---

You are right, elliptic-curve-based ciphers such as this one are not supported yet, although we plan to add them soon. Demand for them will most likely grow in the future.

---

All Rebex components that use TLS/SSL or SSH now support elliptic curve algorithms, cetrificates and ciphers. For additional information, see Elliptic Curve Cryptography HOWTO at http://www.rebex.net/kb/elliptic-curve-plugins/default.aspx

---

Support for AES/GCM ciphers including ECDHE-ECDSA-AES256-GCM-SHA384 has been added in Rebex FTP/SSL 2017 R6: https://www.rebex.net/ftp-ssl.net/history.aspx#2017R6

---

Hello, I have the same problem.
I use the current 4.0.6755 version.
If I run the code in my application under Windows, I can connect to FTP.

If I then run it under Unix I get a handshake error (ErrorRebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.)


My Code:
I use the library in an AspCore project.


using (var client = new Rebex.Net.Ftp())
                {
                    client.Settings.SslAcceptAllCertificates = true;        
                    client.SecureTransfers = true;

                    client.Connect(FtpConfiguration.Value.Host, FtpConfiguration.Value.Port);

                  
                    if (FtpConfiguration.Value.Ssl == true)
                        client.Secure();
                   
                    client.Login(FtpConfiguration.Value.Username, FtpConfiguration.Value.Passwort);

                    client.ChangeDirectory("/");
}

Can you tell me why it works under Windows and not under Linux

Regards

Info:
FehlerRebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
   at aumk.utye(Byte[] bcs, Int32 bct, Int32 bcu)
   at aumj.utxm(Byte[] ans, Int32 ant, Int32 anu)
   at aumj.utxq()
   --- End of inner exception stack trace ---
   at aumj.utxq()
   at aumj.utxx()
   at wnnt.xfrr(TlsParameters pi)
   at Rebex.Net.Ftp.elmo(TlsParameters ep, FtpSecureUpgradeType eq)
   at Rebex.Net.Ftp.elmm(TlsParameters em, FtpSecureUpgradeType en)

---

Hello Askerion, some TLS ciphers (those based on ECDSA and/or ECDH algorithms) need a plugin on non-Windows platforms. Please see https://www.rebex.net/kb/elliptic-curve-plugins/ for details and links.