Opened 14 years ago

Last modified 14 years ago

#899 closed Bug report

Apparent invalid response to AUTH TLS command

Reported by: briddle Owned by:
Priority: normal Component: FileZilla Server
Keywords: Cc: briddle, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

Several of us are having issues trying to run FTP/S
from IBM's mainframe FTP client to FZS. The mainframe
sends "AUTH TLS" to which FZS responds with what IBM
says the RFC says is an invalid 334 response.

The IBM z/OS mainframe client thus never achieves a log
on. We are seeing similar behavior out of the gFTP
client from Red Hat Linux.

This sequence is described in the FZ Help forum from
the thread at: From Thread:
http://sourceforge.net/forum/forum.php?thread_id=1295591&forum_id=68109

To quote the relevant exchanges:

By: krupa38 - mwarnecke
FZS with AUTH TLS and z/OS FTP client
2005-06-03 07:45
I tried to connect to FZS 0.9.8 with IBM's z/OS FTP
client and AUTH TLS. A IP packet trace shows that after
sending the AUTH TLS command FZS sends back a "334
Using authentication type TLS" which in turn is
answered by "QUIT" from the client immediately. Does
the client miss the the optional ADAT= data ?
Any help would be welcome.

By: Dave Gibney - gibney
RE: FZS with AUTH TLS and z/OS FTP client
2005-06-08 18:14
This is a response to this question on an IBM forum:
You are getting a 334 response back. The IBM client is
expecting the SSL
server to send back a 234. When you send a AUTH TLS a
234 is the only
response the IBM client will accept. I ran into this
problem with a
windows server. I opened a problem with IBM after
reading RFC2228 when
it appeared from the surface a 334 was a valid
response. Here is IBM
reply to my etr:
RFC2228 is a generic security RFC. the TLS specific
information can be
found at URL below
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt

where it states... 5.2 Server wants a secured session
The FTP protocol
does not allow a server to directly dictate client
behaviour, however
the same effect can be achieved by refusing to accept
certain FTP
commands until the session is secured to an acceptable
level to the
server. in either case, the server response to an 'AUTH
TLS' command
which it will honour, is '234'. The '334' response as
defined in
RFC-2228 implies that an ADAT exchange will follow.
This document does
not use the ADAT command and so the '334' reply is
incorrect. . let us
know if that answer your question

When we replace FZS with commercial FTP servers such as
the GlobalScape Secure FTP Server, the IBM mainframe is
able to successfully connect.

Many corporate and contract users are going to have to
interact with the IBM mainframe platform. Please
consider resolving this issue.

Change History (0)

Note: See TracTickets for help on using tickets.