#5475 closed Bug report (fixed)
Failed to connect to z/OS V1.8 using "FTP over explicit TLS/SSL"
Reported by: | Sam | Owned by: | |
---|---|---|---|
Priority: | high | Component: | FileZilla Client |
Keywords: | FTP over explicit TLS/SSL | Cc: | |
Component version: | | Operating system type: | Other |
Operating system version: | | | |
Description
My client is WINXP SP3. My host is z/OS V1.8 with an FTPD running.
Here is the log:
Status: Connecting to 192.xxx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220-FTPD1 IBM FTP CS V1R8 at PROD, 09:06:34 on 2010-07-20.
Trace: CFtpControlSocket::OnReceive()
Response: 220 Connection will close if idle for more than 5 minutes.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Security environment established - ready for negotiation
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 10053)
Trace: GnuTLS alert 80: Internal error
Error: GnuTLS error -12: A TLS fatal alert has been received.
Trace: CRealControlSocket::OnClose(10053)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Status: Waiting to retry...
Trace: CControlSocket::DoClose(64)
Trace: CControlSocket::DoClose(64)
Status: Connecting to 192.xxx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220-FTPD1 IBM FTP CS V1R8 at PROD, 09:06:39 on 2010-07-20.
Trace: CFtpControlSocket::OnReceive()
Response: 220 Connection will close if idle for more than 5 minutes.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Security environment established - ready for negotiation
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 10053)
Trace: GnuTLS alert 80: Internal error
Error: GnuTLS error -12: A TLS fatal alert has been received.
Trace: CRealControlSocket::OnClose(10053)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Below is my z/OS TLS setting in FTPSDATA, which is the config file for the FTP server:
TLSRFCLEVEL RFC4217
EXTENSIONS AUTH_TLS
SECURE_PASSWORD OPTIONAL
CIPHERSUITE SSL_NULL_MD5
CIPHERSUITE SSL_NULL_SHA
CIPHERSUITE SSL_RC4_MD5_EX
CIPHERSUITE SSL_RC4_MD5
CIPHERSUITE SSL_RC4_SHA
CIPHERSUITE SSL_RC2_MD5_EX
CIPHERSUITE SSL_DES_SHA
CIPHERSUITE SSL_3DES_SHA
CIPHERSUITE SSL_AES_128_SHA
CIPHERSUITE SSL_AES_256_SHA
KEYRING TCPSTC/TCPRING
I have already applied the PTF for z/OS V1.8, UO00701. Please help.
I have already solved the problem. It was caused by my server certificate defined at z/OS.
The correct procedure should be:
(1) Define a self-signed certificate at z/OS.
(2) Define a key ring, e.g. FTPRING, owned by ID(FTPD)
(3) Connect the self-signed certificate to the keyring with the following attributes:
(4) Export the self-signed certificate to a data set. Download the data set to the client.
(5) Import the downloaded cert file using PCOMM's IBM Key Management or through 'Control Panel'=>'Internet options'=>'Contents'=>'Certificate' under 'Trusted Root Certificate Authorities'.
(6) Start using FileZilla to establish a TLS ftps session with 'Server type'='FTPES - FTP over explicit TLS/SSL'
BINGO!!!
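
The trace in the report already locates the fault: the server accepts AUTH TLS with 234 and then sends fatal alert 80 itself (GnuTLS error -12 means the alert was received from the peer), which points at the server side, where the certificate and key ring turned out to be the cause. The following is an added example, not FileZilla code or part of the ticket, that reads a FileZilla debug log this way; `parse_attempts`, `verdict` and `SAMPLE` are hypothetical names, and the sample input is constructed from the trace above.

```python
import re

# Added example, not FileZilla code. GnuTLS -12 = GNUTLS_E_FATAL_ALERT_RECEIVED (the alert
# came from the peer); TLS alert 80 = internal_error; Winsock 10053 = WSAECONNABORTED.
ALERTS = {80: "internal_error"}
PATTERNS = {
    "alert": re.compile(r"GnuTLS alert (\d+):"),
    "gnutls_error": re.compile(r"GnuTLS error (-?\d+):"),
    "socket_error": re.compile(r"CTlsSocket::Failure\(-?\d+, (\d+)\)"),
}

def parse_attempts(log_text):
    """Split a FileZilla debug log into one record per connection attempt."""
    attempts, cur, auth_sent = [], None, False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Status: Connecting to"):
            cur, auth_sent = dict.fromkeys(["auth_reply", *PATTERNS]), False
            attempts.append(cur)
        elif cur is None:
            continue  # ignore anything logged before the first attempt
        elif line == "Command: AUTH TLS":
            auth_sent = True
        elif auth_sent and cur["auth_reply"] is None and (m := re.match(r"Response: (\d{3}) ", line)):
            cur["auth_reply"] = int(m.group(1))
        else:
            for key, rx in PATTERNS.items():
                if m := rx.search(line):
                    cur[key] = int(m.group(1))
    return attempts

def verdict(a):
    """Name the stage at which one attempt failed."""
    if a["auth_reply"] != 234:
        return f"AUTH TLS not accepted (reply: {a['auth_reply']})"
    if a["gnutls_error"] == -12:
        return f"server aborted the handshake with alert {a['alert']} ({ALERTS.get(a['alert'], 'unknown')})"
    return "no TLS failure recorded"

# Constructed sample: one attempt, shortened from the trace in the report.
SAMPLE = """\
Status: Connecting to 192.xxx.xx.xx:21...
Command: AUTH TLS
Response: 234 Security environment established - ready for negotiation
Trace: CTlsSocket::Failure(-12, 10053)
Trace: GnuTLS alert 80: Internal error
Error: GnuTLS error -12: A TLS fatal alert has been received.
"""
if __name__ == "__main__":
    print([verdict(a) for a in parse_attempts(SAMPLE)])
```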