#21 tls problem

open
nobody
None
5
2010-01-31
2010-01-30
James Dean
No

I am using Windows 7 and a pre-compiled Windows binary of wput version: pre0.6-w32.

Several people have reported problems indicated by the message "Setting data protection level to private ... PROT P failed." The answer given here was to use the "--disable-tls" option. Unfortunately for me, that option was added in 0.6.2 and I can't find a Windows binary for that version.

I think I may have discovered a possible cause of my problem and thought I should mention it. I am on a wireless laptop which has a 192.168..... local IP address assigned by my router. The router, of course, has an external IP address assigned by my ISP. It is dynamic, and today it starts with 99.245.....

Using the "-d" option of wput, I discovered this: (Addresses have been fully or totally edited out by me)

==> TYPE A ... ---->TYPE A
[200] 'TYPE is now ASCII'
done.
Setting data protection level to private ... ---->PBSZ 0
[200] 'PBSZ=0'
---->PROT P
[534] 'Fallback to [C]'
PROT P failed.
Portmode: 1
Server socket ready to accept client connection.
==> PORT ... determing local ip_addr
Local IP: 192.168.....
---->PORT 192,168,...,...,239,211
[500] 'I won't open a connection to 192.168........ (only to 99.245........)'
failed.
==> PASV ... ---->PASV
[227] 'Entering Passive Mode (...............)'

I am not exactly sure what is going on here, so the following is just a guess, please don't laugh if I am way off... I think since the message has a "[500]" in front of it that it is the ftp program trying to reach 192.168........, which I think means that wput must've reported that IP address to the ftp program. It probably shouldn't have done that as the ftp host at the ISP would think that 192.168....... addresses are on its own internal network. wput probably should've told the ftp program somehow to use the 99.245........ IP address, and maybe a port to use to ensure communications would get forwarded to the right computer on my home network.

So, I have two questions:

1. Is there, or will there be, a Windows binary for wput version 0.6.2 available for download somewhere?

2. In the absence of the "--disable-tls" option in the version I have, can I fix the above problem by using my router's admin program to forward certain ports (239? 211? Those numbers are in the debug listing) to my laptop?

Thank you.

Discussion

  • Rumpeltux

    Rumpeltux - 2010-01-31
    • milestone: 502281 -->
     
  • Rumpeltux

    Rumpeltux - 2010-01-31

    I don’t have a windows-machine anymore, so there is no current build available afaik. You can check out the source-code and try to compile wput yourself. Or you can use the wput that’s shipped with the cygwin environment, which should be more current.

    For your problem, both errors shouldn’t actually be a problem. If the protection level cannot be set to private, wput will use unencrypted data-connections (correct me if I’m wrong). If PORT-mode fails, wput will connect to the remote machine (PASV) instead of letting the remote machine connect to wput.
    The port for PORT-mode is chosen randomly, so you can’t statically forward it. There are some iptables hacks, but they won’t work if the control connection is encrypted.
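
Added example, not part of the ticket thread and not wput's code: decoding the PORT argument from the debug log shows that `239,211` are the high and low bytes of one port number (239*256+211 = 61395), not two separate ports, and the check mirrors the kind of peer-address test the server's [500] reply implies. The function names and the sample addresses are constructed for illustration, since the ticket redacts the real ones.

```python
import ipaddress
import re

# RFC 1918 ranges: not reachable from the server's side of a NAT router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' form used by PORT and the 227 reply."""
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("expected six comma-separated values in 0..255")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte

def parse_pasv_reply(line):
    """Extract address and port from a '227 Entering Passive Mode (...)' reply."""
    m = re.search(r"\((\d+(?:,\d+){5})\)", line)
    if not m:
        raise ValueError("no host-port tuple in reply")
    return parse_hostport(m.group(1))

def check_port_command(arg, control_peer):
    """Server-side view: accept PORT only if it names the control connection's peer."""
    ip, port = parse_hostport(arg)
    if ip == ipaddress.IPv4Address(control_peer):
        return True, port, "matches control peer"
    if any(ip in net for net in RFC1918):
        return False, port, "private (RFC 1918) address behind NAT"
    return False, port, "address differs from control peer"

if __name__ == "__main__":
    # Constructed values standing in for the redacted addresses in the log.
    print(check_port_command("192,168,1,23,239,211", "203.0.113.7"))
    print(parse_pasv_reply("227 Entering Passive Mode (203,0,113,50,195,80)"))
```

In passive mode the client opens the data connection outward to the address and port taken from the 227 reply, so no inbound port forwarding on the home router is involved.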

     
  • Olivier Jacques

    Olivier Jacques - 2012-04-18

    I found a workaround to disable TLS with wput: delete the ssleay32.dll file from the wput install directory. Works for me.

     
