Error when connecting with EncryptionMode.Explicit

Oct 18, 2012 at 9:05 PM

I'm getting a "Bad sequence of commands" exception when attempting to connect to an ftp server via explicit TLS. I've confirmed that I can connect to this server via FileZilla. 

Here's my code. It throws the error on ftp.Connect();  This is with the latest source build.

                using (FtpClient ftp = new FtpClient())
                {
                    ftp.Host = RemoteHost;
                    ftp.DataConnectionEncryption = true;
                    ftp.Credentials = new System.Net.NetworkCredential { UserName = UserName, Password = Password };
                    ftp.EncryptionMode = FtpEncryptionMode.Explicit;
                    ftp.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
                    ftp.Connect(); // throws "Bad sequence of commands"
                }

OnValidateCertificate looks like this:

        void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
        {
            //if (e.PolicyErrors != System.Net.Security.SslPolicyErrors.None)
            // }

            // Accepts every certificate, including ones that fail validation.
            e.Accept = true;
        }

I added a debug tracer, but nothing gets written to the file when encryption is on.


Oct 18, 2012 at 9:11 PM

Are you building the code with DEBUG defined? Need to get the trace if we can.

Oct 18, 2012 at 9:17 PM

Also, the server software and version would be a big plus. Did this problem start today? I uploaded a new revision that addressed a problem with Globalscape's secure FTP server and explicit TLS, so it would be nice to know if the previous revision worked.

Oct 18, 2012 at 9:22 PM

This occurs with both the current release download (Oct 2) as well as the current source build.

I was able to get the debug tracer after switching to console listener.

220 Microsoft FTP Service
234 AUTH command ok. Expecting TLS Negotiation.
503 Bad sequence of commands.

Oct 18, 2012 at 9:25 PM

Alright, the problem is unrelated to the fix today. The issue is with setting up data channel encryption. Do you know which version of IIS this is occurring on? The version of Windows will be enough for me to determine.

Oct 18, 2012 at 9:26 PM

A quick Google search reveals the same problem with some other clients; it looks like PBSZ needs to be sent first. I'll try to get an update pushed up in the next 30 minutes.

Oct 18, 2012 at 9:34 PM

Alright, the latest revision changes the sequencing of PBSZ and PROT per RFC 2228:

The PROT command will be rejected and the server should reply 503
      if no previous PBSZ command was issued.
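
The sequencing rule quoted above, as an added example that is not part of the original thread or the library's code: a toy Python model of the server-side state that RFC 2228 implies. The class, function names and command lists are constructed for illustration, the TLS handshake is assumed to succeed, and reply texts other than the two copied from the trace are assumptions.

```python
class ControlChannel:
    """Toy server-side state for judging AUTH / PBSZ / PROT ordering."""

    def __init__(self):
        self.secured = False    # AUTH accepted (TLS handshake assumed to follow)
        self.pbsz_seen = False  # PBSZ issued since the channel was secured
        self.prot = "C"         # data channel level: C = clear, P = private

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH":
            if arg not in ("TLS", "SSL"):   # SSL: legacy alias some servers accept
                return "504 Unsupported security mechanism."
            self.secured, self.pbsz_seen = True, False
            return "234 AUTH command ok. Expecting TLS Negotiation."
        if verb == "PBSZ":
            if not self.secured:
                return "503 Bad sequence of commands."
            self.pbsz_seen = True
            return "200 PBSZ=0"
        if verb == "PROT":
            if not self.pbsz_seen:          # the rule quoted from RFC 2228
                return "503 Bad sequence of commands."
            if arg not in ("C", "P"):
                # 536: known level the mechanism lacks; 504: unknown level
                return "536 Level not supported." if arg in ("S", "E") else "504 Unknown level."
            self.prot = arg
            return "200 PROT command successful."
        return "502 Command not implemented."


def replay(commands):
    """Feed commands to a fresh channel; return (reply codes, final PROT level)."""
    chan = ControlChannel()
    codes = [chan.handle(c)[:3] for c in commands]
    return codes, chan.prot


# Constructed command sequences, not captured traffic. The pre-fix order is an
# assumption based on the thread ("PBSZ needs to be sent first").
FAILING = ["AUTH TLS", "PROT P", "PBSZ 0"]
FIXED = ["AUTH TLS", "PBSZ 0", "PROT P"]

if __name__ == "__main__":
    for name, seq in (("failing", FAILING), ("fixed", FIXED)):
        print(name, replay(seq))
```

In the failing replay the final level stays C, so a client that ignored the 503 and carried on would transfer data unencrypted.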

Oct 18, 2012 at 10:20 PM

It worked! Thank you very much. :)

Oct 18, 2012 at 10:50 PM

Not a problem