FTPS problem: "A TLS packet with unexpected length was received."

I'm trying to connect to an FTPS server (not SFTP). I am connecting from a linux system, so I have tried lftp, ftp-ssl, and even using php's ftp_ssl_connect, but none of them work. (I have been able to connect to other FTPS servers using all or at least some of the above methods).

The most descriptive error I have is from lftp with debug all the way up to 11:

$ lftp
lftp :~> open -u my-username ftps://server.net
Password: 
lftp [email protected]:~> debug 99999999999
lftp [email protected]:~> ls
FileCopy(0x717bf0) enters state INITIAL
FileCopy(0x717bf0) enters state DO_COPY
---- dns cache hit
---- Connecting to server.net (IP ADDRESS) port 990
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
GNUTLS: HSK[acfbb0]: Keeping ciphersuite: RSA_ARCFOUR_MD5
GNUTLS: HSK[acfbb0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[acfbb0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
GNUTLS: EXT[acfbb0]: Sending extension CERT_TYPE
GNUTLS: HSK[acfbb0]: CLIENT HELLO was send [88 bytes]
GNUTLS: REC[acfbb0]: Sending Packet[0] Handshake(22) with length: 88
GNUTLS: ASSERT: gnutls_cipher.c:205
GNUTLS: REC[acfbb0]: Sent Packet[1] Handshake(22) with length: 93
GNUTLS: ASSERT: gnutls_buffers.c:638
GNUTLS: ASSERT: gnutls_record.c:909
GNUTLS: ASSERT: gnutls_buffers.c:1152
GNUTLS: ASSERT: gnutls_handshake.c:1032
GNUTLS: ASSERT: gnutls_handshake.c:2331
**** gnutls_handshake: A TLS packet with unexpected length was received.
---- Closing control socket
ls: Fatal error: gnutls_handshake: A TLS packet with unexpected length was received.

With PHP I get the following:

Warning: ftp_login(): SSL/TLS handshake failed in /home/user/ftp.php on line 7
Warning: ftp_login(): SSL enabled start the negotiation in /home/user/ftp.php on line 7
cannot login

Line 6: $connect = ftp_ssl_connect("server.net") or die("cannot connect");

line 7: $result = ftp_login($connect,"my-username","my-password") or die("cannot login");

With ftp-ssl:

$ ftp-ssl -d -z debug server.net
SSL_DEBUG_FLAG on
Connected to server.net.
220-Security Notice
220-All activities may be monitored.  System use indicates consent to
220 monitoring.  Information may be given to law enforcement.
ftp: setsockopt: Bad file descriptor
Name (server.net:user): my-username
---> AUTH SSL
234 SSL enabled start the negotiation
write to 0x68c190 (102 bytes => 102 (66))
0000 - 80 64 01 03 01 00 4b 00-00 00 10 00 00 39 00 00   .d....K......9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
0050 - 00 00 03 02 00 80 e9 28-25 ed ea 2d e4 d2 f2 25   .......(%..-...%
0060 - 80 e1 2e f1 c3 71                                 .....q
read from 0x68c190 (7 bytes => -1 (FFFFFFFFFFFFFFFF))
ftp: SSL_connect error error:00000000:lib(0):func(0):reason(0)
: Connection reset by peer

Sorry if this post is long, but I've been googling for days with no answer in sight. Just hoping some debug info I missed could be of use to someone.

ansaurus

tags:

views:

answers:

FTPS problem: "A TLS packet with unexpected length was received."

related questions