I'm using Delphi 10.x and SSL FTP client code, and it works well on one FTP SSL server I'm using from OVH servers. Nevertheless, it does not work on another one, and I do not see why.
I have a 10054 error.
I tested it on ftptest.net and this is OK, see below.
Here is the code related to TLS/SSL that I have added to the standard FTP client code
IdSSLIOHandlerSocketOpenSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FFtp.IOHandler := IdSSLIOHandlerSocketOpenSSL;
FFTP.UseTLS := utUseExplicitTLS;
FFTP.DataPortProtection := ftpdpsPrivate;
Here is the LOG file of ftptest.net
Status: Resolving address of s223.panelboxmanager.com
Status: Connecting to 2607:f748:1301:0:184:107:112:57
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 3 of 100 allowed.
Reply: 220-Local time is now 15:11. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220 You will be disconnected after 2 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of (Hidden IP)
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 2 certificates from server.
Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'
Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'
Command: USER XXXXX
Reply: 331 User XXXXX OK. Password required
Command: PASS *********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: TVFS
Reply: ESTA
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTP
Reply: 211 End.
Command: PBSZ 0
Reply: 200 PBSZ=0
Command: PROT P
Reply: 200 Data protection level set to "private"
Command: PWD
Reply: 257 "/" is your current location
Status: Current path is /
Command: TYPE I
Reply: 200 TYPE is now 8-bit binary
Command: EPSV
Reply: 229 Extended Passive mode OK (|||33966|)
Command: MLSD
Status: Data connection established, performing TLS handshake...
Reply: 150 Accepted data connection
Status: TLS handshake successful, verifying certificate...
Status: Received 2 certificates from server.
Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'
Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'
Status: TLS session of transfer connection has been resumed.
Listing: type=cdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; .
Listing: type=pdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; ..
Listing: type=dir;sizd=4096;modify=20200914031725;UNIX.mode=0700;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40038; .autorespond
Listing: type=file;size=11333;modify=20200731001231;UNIX.mode=0600;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4405e; .bash_history
Listing: type=file;size=33;modify=20091230222848;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e400a8; .bash_logout
Listing: type=file;size=296;modify=20190608053032;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4013e; .bash_profile
Listing: type=file;size=205;modify=20190608052818;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40004; .bashrc
Listing: type=dir;sizd=4096;modify=20190608053226;UNIX.mode=0775;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g5100940; .cache
Listing: type=dir;sizd=4096;modify=20180727100540;UNIX.mode=0771;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003b; .cagefs
Listing: type=dir;sizd=4096;modify=20201215110057;UNIX.mode=0755;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003d; .cl.selector
Reply: 226-Options: -a -l
Reply: 226 68 matches total
Status: Skipped display of 58 listing lines
Status: Success
Simply by adding this, it solved the issue:
IdSSLIOHandlerSocketOpenSSL.SSLOptions.Method := sslvTLSv1_2;
Sometime this is very tricky.... also updated ssleay32.dll and libeay32.dll to the latest versions here:
I think this line can enable all SSL versions
IdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
Any comment welcome, if putting this line with all versions could be an issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.