Troubleshooting SSL Connections
If you are having difficulty connecting to your FTP server or HTTPS over SSL, refer to the following checklist for help.
SSL Connection Checklist
-
Verify that the server you are connecting to supports SSL connections.
-
Verify the port being used. Some servers require that SSL connections use a dedicated port, such as 990.
-
Verify the SSL connection type on the Site Properties Type tab is the correct SSL mechanism supported by your server.
-
Verify that your Certificate was added to the server’s Trusted List if the server requires client certificates upon connect. You may have to notify the server administrator as not all servers will auto-accept client certificates upon their first connection attempt.
-
You must accept the server’s certificate when prompted during a connection attempt, otherwise the client will not connect as desired.
-
Verify that your certificate has not expired. Check your Trusted List.
-
Copy the connection log to a text file or email to assist in troubleshooting when contacting your FTP or Web service provider or the Globalscape support team.
SSL Connection Mechanisms
Not all FTP servers that support SSL connections do so correctly or in strict compliance to proposed or approved standards.
Various FTP-over-SSL implementations have been proposed over the past few years. Most do not conform to RFC–2228 or are at odds with the latest IETF (Internet Engineering Task Force) drafts. Typical Implementations include:
Implicit TLS/SSL - This is an SSL connection over a dedicated port (990) registered with the IANA. This approach, while quite common, is not favored by the IETF. CuteFTP supports this implementation for broader compatibility.
Explicit "AUTH SSL" - This is an SSL connection over a standard port (21) using "AUTH SSL" or "AUTH TLS-P" to negotiate the protection mechanism. AUTH TLS-P implicitly sets the protection mechanism and is therefore in direct disagreement with RFC 2228. CuteFTP does support AUTH SSL, and subsequently sets the protection mechanism explicitly using the PROT command and its approved arguments.
Explicit "AUTH TLS" - This is an SSL v3.1 connection over a standard port (21) and explicitly setting the protection mechanism. This is the version that best adheres to RFC 2228, "FTP Security Extensions." This version is supported by CuteFTP and is selected by default when you establish a new SSL connection.
Apart from those mentioned above, CuteFTP does not connect to servers requiring "AUTH TLS-P" or other deprecated SSL connection mechanisms.