
Order of PBSZ/PROT and USER/PASS

Nov 12, 2013 at 2:27 PM
Hello,

I have problems connecting to an FTP server using explicit encryption mode. The server is part of a 3rd party product. The FtpClient sends PBSZ/PROT and then USER/PASS. But the server expects USER/PASS and then PBSZ/PROT (tested with another client).

Here is the log output:
220 FTP server ready.
AUTH TLS
234 Switch over to TLS-based communication.
Time to activate encryption: 0h 0m 0s, Total Seconds: 0,0777523.
PBSZ 0
530 Please login with USER and PASS.
Disposing FtpClient object...
QUIT
221 Goodbye.
Disposing FtpSocketStream...

I spent some time reading RFCs to find out what the correct behavior is. In RFC 4217 (Securing FTP with TLS) on page 17 I found a timing diagram which shows the same behavior as FtpClient, but there is a note below it:

"Note 1: The order of the PBSZ/PROT pair and the USER/PASS pair (with
respect to each other) is not important (i.e., the USER/PASS can
happen prior to the PBSZ/PROT, or the server can refuse to allow a
PBSZ/PROT pair until the USER/PASS pair has happened)"

Is it possible for FtpClient to send PBSZ/PROT after USER/PASS? Besides this, I think sending PBSZ/PROT after USER/PASS makes sense anyway, because there is no need to set data channel properties until the user was authenticated successfully.

Thanks!
Coordinator
Nov 12, 2013 at 2:32 PM
Thanks Chris, I'm looking into it now.
Coordinator
Nov 12, 2013 at 2:52 PM
Alright Chris, the latest revision moves PBSZ/PROT to after the user authentication (latest revision under Source page). I've tested it against FileZilla and all seems good. Let me know if this takes care of the problem for you.
Marked as answer by Chris0000 on 11/12/2013 at 7:07 AM
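
An added Python sketch, not the FtpClient project's code or the fix from this thread: a control-channel negotiation that accepts either ordering permitted by RFC 4217 Note 1 and refuses to continue if PROT P is never accepted. MockServer, protect_data_channel and negotiate are hypothetical names, and the mock stands in for a control connection on which AUTH TLS has already succeeded.

```python
class MockServer:
    """Constructed stand-in for an FTP control channel after AUTH TLS."""
    def __init__(self, prot_requires_login):
        self.prot_requires_login = prot_requires_login
        self.logged_in = self.pbsz_done = False
        self.prot = "C"   # mock assumption: data channel is clear until PROT P
        self.seen = []    # verbs only, so no password is recorded

    def send(self, line):
        verb, _, arg = line.partition(" ")
        self.seen.append(verb)
        if verb == "USER":
            return 331
        if verb == "PASS":
            self.logged_in = True
            return 230
        if verb in ("PBSZ", "PROT"):
            if self.prot_requires_login and not self.logged_in:
                return 530            # same reply as in the log above
            if verb == "PBSZ":
                self.pbsz_done = True
                return 200
            if not self.pbsz_done:
                return 503            # PROT has to follow PBSZ
            self.prot = arg
            return 200
        return 500


def protect_data_channel(send):
    """Send PBSZ 0 then PROT P; True only if both are accepted."""
    return send("PBSZ 0") == 200 and send("PROT P") == 200


def negotiate(send, user, password):
    """Try PBSZ/PROT first; if refused, log in and retry. Fail closed."""
    protected = protect_data_channel(send)
    if send(f"USER {user}") != 331 or send(f"PASS {password}") != 230:
        raise PermissionError("login failed")
    if not protected and not protect_data_channel(send):
        raise ConnectionError("PROT P refused; data channel would be clear")
    return True
```
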
Nov 12, 2013 at 3:07 PM
Wow, that was really fast!! I tested it and everything works fine now. Thank you very very much!
Coordinator
Nov 12, 2013 at 3:26 PM
No problem