Received TLS alert from the server: Handshake failed (40)

3

I'm trying to FTP into my website. I've made sure my IP address is not blocked and I'm using correct ports and credentials, yet I'm still getting this error log:

Status: Resolving address of ftp.bakealot.com
Status: Connecting to 77.72.2.194:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error:  Received TLS alert from the server: Handshake failed (40)
Error:  Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.bakealot.com
Status: Connecting to 77.72.2.194:21...
Status: Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:   220-You are user number 1 of 100 allowed.
Response:   220-Local time is now 16:22. Server port: 21.
Response:   220-This is a private system - No anonymous login
Response:   220-IPv6 connections are also welcome on this server.
Response:   220 You will be disconnected after 15 minutes of inactivity.
Command:    AUTH TLS
Response:   234 AUTH TLS OK.
Status: Initializing TLS...
Error:  Received TLS alert from the server: Handshake failed (40)
Error:  Could not connect to server

Where can I start to troubleshoot?

adampski

Posted 2015-02-07T16:28:48.913

Reputation: 1 164

Try to use openssl as a client and make the connection in verbose mode – Romeo Ninov – 2015-02-07T16:32:30.253

This site only supports the ciphers RC4-MD5 and RC4-SHA which are considered insecure. It might be that your ftp client (which one do you use?) has disabled support for RC4 by default. Apart from that the name in the certificate does not match the name you connect to. – Steffen Ullrich – 2015-02-07T17:01:11.460

@RomeoNinov apologies, I don't know how to use the command line application, openssl. – adampski – 2015-02-07T17:33:23.813

@SteffenUllrich I tried using CuteFTP Pro and FileZilla. – adampski – 2015-02-07T17:33:45.063

1

FileZilla works for me without problems with this site, that is, the TLS handshake succeeds and I could log in if I had the credentials. If you are on Windows make sure that RC4 is not disabled on your system, since the server can do only RC4. Maybe you have applied a fix to disable RC4, like described at http://support.microsoft.com/kb/2868725.

– Steffen Ullrich – 2015-02-07T18:04:13.097

Unfortunately the problem persisted on my Mac too @SteffenUllrich – adampski – 2015-02-07T18:09:39.910

If you make a packet capture of the problem (port 21) and post it to cloudshark.org one could have a closer look at what's going on. See this support document from Apple on how to do such a packet capture on the Mac.

– Steffen Ullrich – 2015-02-07T18:31:35.877

Answers

6

I had this issue in ProFTP, and got the same error message in FileZilla. For the same reason as stated, FileZilla have disabled RC4 on TLS connections. You can probably still connect without a certificate check (under Site Manager - Protocol):


Alternatively, and what worked for me, was to give the FTP Server the path to the SSL certificates on your server. It's specific to PureFTP though, so I can't tell you which file to patch - sorry.

This may help though: http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

Jay Versluis

Posted 2015-02-07T16:28:48.913

Reputation: 206
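
The comments on the question point at a cipher mismatch and suggest a packet capture; as an added illustration (not code from the thread or from any tool it mentions), this Python script decodes the plaintext alert record behind "Handshake failed (40)" and checks whether a captured ClientHello offers either of the two RC4 suites the server is said to support. The function names and all byte strings are constructed for the example.

```python
import struct

# Suites the server accepts, per the comment on the question (IANA suite IDs).
SERVER_SUITES = {0x0004: "RC4-MD5", 0x0005: "RC4-SHA"}

def parse_record(buf):
    """Split one TLS record into (content_type, payload)."""
    if len(buf) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, length = struct.unpack("!BHH", buf[:5])
    if len(buf) < 5 + length:
        raise ValueError("truncated TLS record body")
    return ctype, buf[5:5 + length]

def decode_alert(buf):
    """Decode a plaintext alert record (content type 21) into (level, code)."""
    ctype, payload = parse_record(buf)
    if ctype != 21 or len(payload) != 2:
        raise ValueError("not a plaintext TLS alert")
    return ("fatal" if payload[0] == 2 else "warning"), payload[1]

def offered_suites(buf):
    """Return the cipher suite IDs listed in a ClientHello record."""
    ctype, hs = parse_record(buf)
    if ctype != 22 or not hs or hs[0] != 1:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                 # handshake header, client_version, random
    pos += 1 + hs[pos]               # skip session_id
    (nbytes,) = struct.unpack_from("!H", hs, pos)
    return [struct.unpack_from("!H", hs, pos + 2 + i)[0] for i in range(0, nbytes, 2)]

def shared_with_server(client_hello):
    """Names of server-supported suites that the client actually offered."""
    return [SERVER_SUITES[s] for s in offered_suites(client_hello) if s in SERVER_SUITES]

def build_client_hello(suites):
    """Constructed sample input: a minimal ClientHello with no extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session_id
    body += struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
    body += b"\x01\x00"                        # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples, not taken from a real capture.
MODERN_HELLO = build_client_hello([0xC02F, 0xC030, 0x009C, 0x002F])  # RC4 disabled
LEGACY_HELLO = build_client_hello([0x002F, 0x0005, 0x0004])          # RC4 still offered
ALERT_RECORD = bytes([21, 3, 3, 0, 2, 2, 40])                        # fatal alert 40

if __name__ == "__main__":
    print(decode_alert(ALERT_RECORD), shared_with_server(MODERN_HELLO), shared_with_server(LEGACY_HELLO))
```

An empty list for the client's ClientHello means the two sides share no cipher suite, which is the situation a server reports with fatal alert 40.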