无法使用curl连接到FTPS TLS / SSL隐式加密

Question

I have a PHP Utility which connects and download/uploads file from/to FTPS using ftp_connect() and it works fine on my local machine. But with the same code uploaded to GCP VM (CentOS 7) does not connect to FTPS. I've opened port 990 and 5000-5016 for FTP.

$ftp_conn = ftp_connect(FTP_SERVER,990) or die("Could not connect to ".FTP_SERVER);
$login = ftp_login($ftp_conn, base64_decode($ftp_user), base64_decode($ftp_pass));

---

So as a work around, I want to use curl command to connect to FTPS server.

curl -v -k --ftp-pasv --user user:pass ftps://myftps.com:990/ -v --trace trace.txt -3

But curl does not work even on my local machine. Please find below response of trace

=> Send header, 5 bytes (0x5)
0000: 50 57 44 0d 0a                                  PWD..
<= Recv header, 30 bytes (0x1e)
0000: 32 35 37 20 22 2f 22 20 69 73 20 63 75 72 72 65 257 "/" is curre
0010: 6e 74 20 64 69 72 65 63 74 6f 72 79 0d 0a       nt directory..
== Info: Entry path is '/'
=> Send header, 6 bytes (0x6)
0000: 45 50 53 56 0d 0a                               EPSV..
== Info: Connect data stream passively
== Info: ftp_perform ends with SECONDARY: 0
<= Recv header, 26 bytes (0x1a)
0000: 35 30 30 20 55 6e 6b 6e 6f 77 6e 20 63 6f 6d 6d 500 Unknown comm
0010: 61 6e 64 20 45 50 53 56 0d 0a                   and EPSV..
== Info: Failed EPSV attempt. Disabling EPSV
=> Send header, 6 bytes (0x6)
0000: 50 41 53 56 0d 0a                               PASV..
<= Recv header, 52 bytes (0x34)
0000: 32 32 37 20 45 6e 74 65 72 69 6e 67 20 50 61 73 227 Entering Pas
0010: 73 69 76 65 20 4d 6f 64 65 20 28 31 37 32 2c 32 sive Mode (172,2
0020: 31 2c 32 35 33 2c 32 35 34 2c 31 39 2c 31 33 36 1,253,254,19,136
0030: 29 2e 0d 0a                                     )...
== Info:   Trying xxx.xx.xx.x ...
== Info: Connecting to xxx.xx.xx.x (xxx.xx.xx.x) port 5000
== Info: Connection timed out
== Info: Failed connect to myftps.com:990; Connection timed out
== Info: Closing connection 0

Any help will be appreciated. Thanks

Answer 1

ftp_connect never uses TLS/SSL. No matter if you connect to port 990. It could have never worked, despite your claim that it "works fine on my local machine" - impossible.

---

PHP FTP functions do not even support implicit TLS/SSL.

But virtually all FTPS servers support explicit TLS/SSL.

For that use ftp_ssl_connect with the default port 21.

---

If you really need to use implicit TLS/SSL (I doubt), you need to use another FTP implementation, like the curl . See also ftp_ssl_connect with implicit ftp over tls .

I'm aware that curl does not work for you either, but with curl you have a very different problem (which you will possibly eventually face even with PHP FTP function with explicit TLS/SSL). And that's for a separate question. Note that curl actually does connect . You can clearly see in your trace that curl received lot of responses from the FTP server.