curl is at curl.se / Bugs / #1474 Cannot open FTPS encrypted data connection through HTTP proxy

#1474 Cannot open FTPS encrypted data connection through HTTP proxy

Status: closed-later

Owner: Daniel Stenberg

Labels: SSL (4) ftps (2) proxy (9)

Priority: 5

Updated: 2015-06-03

Created: 2015-01-22

Creator: Marco De Vitis

Private: No

When trying to transfer a file via FTPS through a HTTP proxy (Blue Coat ProxySG), curl fails when trying to open the encrypted DATA connection returning the following error:

curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

This surely happens with recent curl versions (7.39 and 7.40), on Red Hat 6.3.
The transfer works fine instead with previous versions, like 7.19.7, 7.25.0, 7.26.0 and 7.27.0.

I attach the log files obtained with the -v option both from 7.40 (not working) and 7.19 (working), from the same Red Hat 6.3 machine over the same proxy.
The logs also contain the output of curl -V and the command line used:

curl -O -v -k --ftp-ssl --disable-epsv --proxy <proxyIP>:3128 --proxytunnel ftp://<ftpUser>:<ftpPassword>@<serverIP>//testpub.xml

Also note that when disabling data channel encryption with the --ftp-ssl-control option then the connection occurs but a different problem happens during the file transfer, see ticket [#1473].

1 Attachments

Curl_FTPS_logs.zip

Daniel Stenberg - 2015-03-29

Any chance you can try a recent daily snapshot? We did changes to the multi state machine that I suspect might have improved this.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Stenberg - 2015-03-29

status: open --> pending-needsinfo

assigned_to: Daniel Stenberg
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marco De Vitis - 2015-03-31

The problem is still present.
I downloaded http://curl.haxx.se/snapshots/curl-7.42.0-20150331.tar.gz, built it with default configure, make, make install on another RHEL 6.3 machine, then copied the /usr/local/* curl-related content on the target machine which is behind the proxy, and launched the same test command using /usr/local/bin/curl, but I get the exact same error.

I hope the process I used is OK. I do not have complete freedom of what I can do on the target machine. Here is what I get with curl -V after installing the daily snapshot this way:

# /usr/local/bin/curl -V curl 7.42.0-20150331 (x86_64-unknown-linux-gnu) libcurl/7.42.0-20150331 OpenSSL/1.0.0 zlib/1.2.3 libidn/1.18 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Stenberg - 2015-04-15

status: pending-needsinfo --> pending
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Stenberg - 2015-04-15

Can you please re-resubmit this problem in the new bug tracker we've moving to? We're closing this down and I would like to get all "active" bugs moved over and yet I don't have any way to do it automatically.

You can still link to this bug report as it won't vanish, we'll just focus all activities going forward on the new one.

The new bug tracker: https://github.com/bagder/curl/issues

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Stenberg - 2015-06-03

Status: pending --> closed-later
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Cannot open FTPS encrypted data connection through HTTP proxy

curl is at curl.haxx.se

Searches

Help

#1474 Cannot open FTPS encrypted data connection through HTTP proxy

Related

Discussion