4 thoughts on “FTPS not negotiating TLS with server”
Having managed to get the HE910 modem (firmware 12.00.224) to store the PEM file, I’m finding that opening the connection to the FTPS server is failing to complete TLS negotiation. Any ideas what I’m doing wrong, as I have followed the documentation? Here are the commands sent to the modem and received back:
01/01/1970 00:00:36 Cmd: AT#FTPCFG=100,0,1
01/01/1970 00:00:36 Resp 0: OK
01/01/1970 00:00:36 Cmd: AT#FTPTO=600
01/01/1970 00:00:36 Resp 0: OK
01/01/1970 00:00:36 Cmd: AT#SSLSECCFG=1,0,1,1
01/01/1970 00:00:36 Resp 0: OK
01/01/1970 00:00:36 Cmd: AT#SSLSECDATA=1,1,1,1367
01/01/1970 00:00:36 Resp 0: >
01/01/1970 00:00:36 Cmd: -----BEGIN CERTIFICATE-----
… not printed for security …
-----END CERTIFICATE-----
01/01/1970 00:00:38 Resp 0: OK
01/01/1970 00:00:38 Cmd: AT+CMEE=2
01/01/1970 00:00:38 Resp 0: OK
01/01/1970 00:00:38 Cmd: AT#FTPOPEN="ipaddress:port","username","password",1
01/01/1970 00:00:46 Resp 0: +CME ERROR: Bad or no response from server
01/01/1970 00:00:46 301 Could not connect to FTP server
This is what the server (vsftp) reports:
Tue Apr 7 15:42:50 2015 [pid 12199] CONNECT: Client "ipaddress"
Tue Apr 7 15:42:50 2015 [pid 12199] FTP response: Client "ipaddress", "220 Welcome to FTP service."
Tue Apr 7 15:42:51 2015 [pid 12199] FTP command: Client "ipaddress", "AUTH TLS"
Tue Apr 7 15:42:51 2015 [pid 12199] FTP response: Client "ipaddress", "234 Proceed with negotiation."
There is no sign of negotiation from the modem. I had expected the TLS negotiation / handshake to be performed as part of the FTPOPEN command. Is there another command I’m missing that will do that?
I can log in to the FTPS server using an FTP client in explicit FTPS mode, and there are no issues, so I don’t believe that the FTPS server is configured incorrectly. Would grabbing Wireshark logs help?
Seems that the certificate had expired – my colleague had created one with a very short validity period! I have created a new certificate, used that PEM file and now it works.
Thanks for noticing the solution Gavin.
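The cause found in this thread was an expired certificate. As an added example (not from the posts above and not vendor code), this Python check reads the validity window out of a PEM file before it is sent to the modem with AT#SSLSECDATA. The function names, the sample dates and the unsigned DER skeleton used as input are constructed for illustration.

```python
import base64, re
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _time(tag, val):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as an aware UTC datetime."""
    s = val.decode("ascii")
    if tag == 0x17:                         # two-digit year, RFC 5280 pivot at 50
        s = ("19" if s[:2] >= "50" else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_validity(pem):
    """Return (notBefore, notAfter) of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m: raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tbs = _tlv(_tlv(der, 0)[1], 0)[1]       # Certificate -> tbsCertificate
    tag, _, nxt = _tlv(tbs, 0)
    pos = nxt if tag == 0xA0 else 0         # skip the optional [0] version field
    for _ in range(3):                      # serialNumber, signature algorithm, issuer
        _, _, pos = _tlv(tbs, pos)
    _, validity, _ = _tlv(tbs, pos)
    t1, v1, nxt = _tlv(validity, 0)
    return _time(t1, v1), _time(*_tlv(validity, nxt)[:2])

def cert_status(pem, now=None):
    """Classify the certificate as 'valid', 'expired' or 'not yet valid' at `now`."""
    not_before, not_after = cert_validity(pem)
    now = now or datetime.now(timezone.utc)
    return "not yet valid" if now < not_before else "expired" if now > not_after else "valid"

def sample_pem(not_before, not_after):
    """Constructed input: a minimal unsigned DER skeleton, not a real certificate."""
    enc = lambda tag, val: bytes([tag, len(val)]) + val     # short-form lengths only
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"")
              + enc(0x30, b"") + enc(0x30, enc(0x17, not_before) + enc(0x17, not_after)))
    b64 = base64.b64encode(enc(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    pem = sample_pem(b"150401000000Z", b"150402000000Z")    # constructed one-day validity
    print(cert_status(pem, datetime(2015, 4, 7, tzinfo=timezone.utc)))
```

Passing an explicit `now` lets the same certificate be evaluated against whatever time the checking device believes it is, which matters when that clock has not been set.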