Unable to get implicit FTPS connection on linux

[delasource]

FTP OS: Debian 10 client, Windows Server

FTP Server: FileZilla Server (managed by other company)

Computer OS: Debian 10

FluentFTP Version: 32.2.2 via nuget

I wrote a program on my windows machine and it works fine. However, as it got deployed on a debian 10 server (same dotnet core version 3.1.102) the execution of Connect() fails by timeout. The last line of the # Connect() log below stays for (length of "ConnectTimeout") and nothing more happens.

Can confirm that the server should have responded the correct message. The server is configured to strictly only allow connections on the specific ports (990-993) and only to my IP.

The connection is established, i can tell because i am able to download the actual SSL certificate and chain when i define a custom ValidateCertificate eventhandler. So it is not a firewall problem.

Also i tried the library CoreFtp which works exactly as expected. But sadly is not that "fluent" to use like this one.

I tried reproducing it:

• Install a fresh and up-to-date Debian 10 virtual machine on my workstation (Hyper-V)
• Install dotnet core sdk, build and run the project
• Same results
• Strangly i discovered that my vm (with GNOME desktop) was able to connect via filezilla (GUI) to the server AND sometimes (like 1%) the connection via my program works. On another Debian 10 VM without GUI there was always the same result/abort as seen in the logs below.

My suggestion is that it has to do with connections via implicit FTPS, the port negotiation or the SSL certification, but since there is no further log, i can't tell. Maybe you can.

It may still be a problem with the servers firewall, but since this is a third partys network infrastructure i can't tell. I have added the filezilla server configuration that i have from the network admin below.

Client config:

using var client = new FtpClient
{
    Host = server, // hostname or ip
    Port = 990,
    Credentials = new NetworkCredential(user, pass),
    EncryptionMode = FtpEncryptionMode.Implicit,
    DataConnectionEncryption = true,
    ValidateAnyCertificate = true,
    ReadTimeout = 30000,
    ConnectTimeout = 30000,
    //ActivePorts = new[] { 991, 992, 993 }, // doesnt matter, we dont even get to data transfering
    //SslProtocols = SslProtocols.Tls12, // tried every possibility
    //DataConnectionType = FtpDataConnectionType.AutoPassive, // same results either way
};
client.Connect();
// we dont get here.

Logs :

# Connect()
Status:   Connecting to ***:990
Status:   FTPS Authentication Successful
Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0.2251462.

# Dispose()
Status:   Disposing FtpClient object...
Status:   Testing connectivity using Socket.Poll()...
Command:  QUIT
Warning:  FtpClient.Disconnect(): Exception caught and discarded while closing control connection: System.IO.IOException: The decryption operation failed, see inner exception.
 ---> Interop+OpenSsl+SslException: Decrypt failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.Decrypt(SafeSslHandle context, Byte[] outBuffer, Int32 offset, Int32 count, SslErrorCode& errorCode)
   at System.Net.Security.SslStreamPal.EncryptDecryptHelper(SafeDeleteContext securityContext, ReadOnlyMemory`1 input, Int32 offset, Int32 size, Boolean encrypt, Byte[]& output, Int32& resultSize)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ReadAsyncInternal[TReadAdapter](TReadAdapter adapter, Memory`1 buffer)
   at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at FluentFTP.FtpSocketStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at FluentFTP.FtpSocketStream.ReadLine(Encoding encoding)
   at FluentFTP.FtpClient.GetReply()
   at FluentFTP.FtpClient.Execute(String command)
   at FluentFTP.FtpClient.Disconnect()
Status:   Disposing FtpSocketStream...
Status:   Disposing FtpSocketStream...
System.IO.IOException: Unable to read data from the transport connection: Connection timed out.
 ---> System.Net.Sockets.SocketException (110): Connection timed out
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.IO.BufferedStream.Read(Byte[] array, Int32 offset, Int32 count)
   at System.Net.Security.SslStream.FillBufferAsync[TReadAdapter](TReadAdapter adapter, Int32 minSize)
   at System.Net.Security.SslStream.ReadAsyncInternal[TReadAdapter](TReadAdapter adapter, Memory`1 buffer)
   at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at FluentFTP.FtpSocketStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at FluentFTP.FtpSocketStream.ReadLine(Encoding encoding)
   at FluentFTP.FtpClient.GetReply()
   at FluentFTP.FtpClient.Handshake()
   at FluentFTP.FtpClient.Connect()
   at TestTerminal.Program.Main(String[] args) in C:\prg\...\Program.cs:line 74

[robinrodricks]

Is it this : #347

Can you try Explicit TLS/SSL

[robinrodricks]

Seems to be upstream error with .NET Core

• .NET Core 3.0 Preview 8 "SSL Handshake failed with OpenSSL error" when running via linux docker container dotnet/runtime#30667
• SslStream bug on Linux/OSX: Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error dotnet/runtime#22578
• SSL TLS protocol mis-match not handled cleanly on Linux dotnet/runtime#25582

[robinrodricks]

Also try AutoDetect/AutoConnect methods on FtpClient and see if it finds a working profile.

[robinrodricks]

When you respond I will reopen this.

[tonykaralis]

@genyx what was your fix in the end? We are experiencing the same issue.

[delasource]

@tonykaralis as mentioned above, i use CoreFtp