Your best friend for file transfer.

Fetch application logoFetch

TLS/SSL Encryption ERror (6 posts)

  • Started 6 years ago by JimPM
  • Latest reply 6 years ago from Jim Matthews
  • JimPM Member

    I was previously using FileZilla, but wanted to use a more Mac-like FTP client (and, besides that FileZilla was crashing in Leopard).

    I was able to connect with FZ just fine using TLS/SSL, but when I try with Fetch, it keeps telling me to uncheck the Enable Encryption checkbox. It says that my FTP server doesn't support encrypting data, but I know it does (I am the administrator and have a Self-signed SSL certificate).

    I am stuck. I really want to purchase Fetch and use it, but if I can't connect, then I may have to try something else.

    FYI: I am able to connect via SFTP port 8888, but I am wanting to use TLS/SSL. If I use SFTP, It would require that add each FTP user to the server for shell access (SSH) because of how my server is configured, which I simply don't want to do (I administer several FTP accounts).

    I wanted to add the server response: fallback to [c]

    Thank you.
    Jim.

    [This message has been edited by JimPM (edited 05-19-2008).]

    Posted 6 years ago #

  • Scott McGuire Administrator

    Hi Jim,

    This is not a problem we've had reported to us before, but we'll investigate and try to help fix it if we can.

    To start with, we'd like to see a transcript from Fetch to help diagnose the problem.

    * Quit Fetch, if it's running.
    * Open Fetch again.
    * Connect to your server.
    * Try connecting to the server.
    * Go to the Window menu, and choose Fetch Transcript.
    * Copy the entire contents of the transcript window, and paste them into a reply to this message.

    We'll take a look and see if we can figure out what's going on.

    Thanks,

    Scott McGuire
    Fetch Softworks

    Posted 6 years ago #

  • JimPM Member

    For what it's worth, I just tried connecting to the same account with FTP/SSL using CyberDuck and it works.

    For my own security, I have removed the actual login server names and information from the transcript below.

    Fetch 5.3 (5D161) Intel running on Mac OS X 10.5.2 (9C7010) Intel English
    StuffIt Engine 0x820, StuffIt SDK Version 10.1.1b1
    Expires 06/03/2008 T
    Connecting to vps.SERVER.net port 21 (Mac OS X firewall is limiting connections to specific applications) (5/19/08 8:43:33 PM)
    Connected to IP.ADD.RRESS port 21 (5/19/08 8:43:33 PM)
    220---------- Welcome to Pure-FTPd [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 20:43. Server port: 21.
    220-This is a private system - No anonymous login
    220 You will be disconnected after 15 minutes of inactivity.
    AUTH TLS
    234 AUTH TLS OK.
    Connecting to vps.SERVER.net port 21 (Mac OS X firewall is limiting connections to specific applications) (5/19/08 8:43:35 PM)
    Connected to IP.ADDR.ESS port 21 (5/19/08 8:43:35 PM)
    220---------- Welcome to Pure-FTPd [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 20:43. Server port: 21.
    220-This is a private system - No anonymous login
    220 You will be disconnected after 15 minutes of inactivity.
    AUTH TLS
    234 AUTH TLS OK.
    USER usernamehere
    331 User usernamehere OK. Password required
    PASS
    230-User usernamehere has group access to: usernamehere
    230 OK. Current restricted directory is /
    PBSZ 0
    200 PBSZ=0
    PROT P
    534 Fallback to [C]

    Here's the transcript when I connect to another one of my accounts (same server, different user), using SFTP

    Connecting to otheruser@vps.SERVER.net port 8888 (5/19/08 8:45:17 PM)
    SSH2_FXP_INIT 3
    SSH2_FXP_REALPATH 1, .
    /home/otheruser
    SSH2_FXP_STAT 2, /home/otheruser
    SSH2_FXP_REALPATH 3, /home/otheruser/public_html/
    /home/otheruser/public_html
    SSH2_FXP_STAT 4, /home/otheruser/public_html
    Retrieved 57 items from file list cache, stored 05/19/2008 04:37 PM
    Update check skipped at 05/19/2008 08:45 PM (next check after 05/25/2008 10:49 AM)

    [This message has been edited by JimPM (edited 05-20-2008).]

    Posted 6 years ago #

  • Jim Matthews Administrator

    Hi,

    The Pure-FTPd server does not support encrypting the FTP data connection (it does support encrypting the control connection, which includes your password). See:

    http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

    I just connected to a Pure-FTPd TLS server with Cyberduck and the transcript shows the same failure to encrypt the data connection that you see in the Fetch transcript:

    PROT P
    534 Fallback to [C]

    (P stands for Protected, i.e. encrypted, while C stands for Cleartext).

    So the only difference between Fetch and Cyberduck in this situation is that Fetch tells you that the data connection is not encrypted, and Cyberduck doesn't.

    You can connect with Fetch by un-checking the "Enable encryption" box. The control connection will still be encrypted, so your password will be protected.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 6 years ago #

  • JimPM Member

    Thanks for the info. I never noticed it before, but even FileZilla does shows the "fallback to [c]".

    I guess what would have helped is if in Fetch it says "Enable Data Encryption" -- it looks like if I uncheck "Enable Encryption" that it disabled the Password encryption too, which I don't want. What you're saying though, if I understand you correctly, is that the file transfers themselves are cleartext, but the password and login info. is still encrypted. Right?

    Thanks again.

    Posted 6 years ago #

  • Jim Matthews Administrator

    Yes, that's correct. FTP communication is divided between two connections, the control connection and the data connection. The login information and password, and all commands, are sent over the control connection. File lists and file contents are sent over the data connection. Fetch always encrypts the control connection when FTP with TLS/SSL is chosen, but only encrypts the data connection when the "Enable encryption" box is checked.

    This is mentioned in the help:

    http://fetchsoftworks.com/FetchWebHelp/Contents/Concepts/FTPWithTLS-SSL.html

    and

    http://fetchsoftworks.com/FetchWebHelp/Contents/Windows/NewConnectionDialog.html

    It might be clearer if we called it "Enable data encryption" or "Encrypt data transfers"; we'll consider that.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 6 years ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.