我在一个关于 FTPS 的网站上读到这个:
当连接到 FTPS 服务器时,FTPS 客户端首先会验证服务器证书的可信度。
当 FTP 客户端被配置为使用带有隐式TLS 的 FTPS 时,它如何获取 FTP 服务器的证书?有人可以逐步说明那里发生的事情吗?
我在一个关于 FTPS 的网站上读到这个:
当连接到 FTPS 服务器时,FTPS 客户端首先会验证服务器证书的可信度。
当 FTP 客户端被配置为使用带有隐式TLS 的 FTPS 时,它如何获取 FTP 服务器的证书?有人可以逐步说明那里发生的事情吗?
我们使用 MoveIT 连接的供应商要求我们将连接从显式更新为隐式。我们将自动化工具与 MoveIT 结合使用,从中下载/上传文件。
我已将连接从显式更改为隐式,并手动尝试连接但收到错误“安全握手失败”,但当我以隐式模式手动连接 WinSCP 时,我成功了。我还能够以显式模式连接到另一个供应商而没有任何问题,因此在隐式模式下连接时我缺少连接。
连接曾经是(手动连接时):
FTPS -a -e:on -s:"script" -z -user:user -password:password ftp.site 2010
新连接更改为(手动连接时):
FTPS -a -e:implicit -s:"script" -z -user:user -password:password ftp.site 2010
所需的端口是 2010。我还删除了 -z 参数以查看是否发生了该参数抑制的任何错误,但除了已经显示的内容之外没有发生任何错误。
在与 MoveIT Freely 连接时,似乎没有生成日志的方法。
. 2019-08-09 12:05:59.848 --------------------------------------------------
------------------------
. 2019-08-09 12:05:59.848 WinSCP Version 5.15.1 (Build 9407) (OS 6.1.7601
Service Pack 1 - Windows Server 2008 R2 Standard)
. 2019-08-09 12:05:59.848 Configuration: E:\Program Files\WinSCP\WinSCP.ini
. 2019-08-09 12:05:59.848 Log level: Normal
. 2019-08-09 12:05:59.848 Local account: xxxx
. 2019-08-09 12:05:59.848 Working directory: E:\Program Files\WinSCP
. 2019-08-09 12:05:59.848 Process ID: 2388
. 2019-08-09 12:05:59.848 Command-line: "E:\Program Files\WinSCP\WinSCP.exe"
. 2019-08-09 12:05:59.848 Time zone: Current: GMT-6, Standard: GMT-7
(Mountain Standard Time), DST: GMT-6 (Mountain Daylight Time), DST Start:
3/10/2019, DST End: 11/3/2019
. 2019-08-09 12:05:59.848 Login time: August 09, 2019 12:05:59 PM
. 2019-08-09 12:05:59.848 --------------------------------------------------
------------------------
. 2019-08-09 12:05:59.848 Session name: SessionName (Modified site)
. 2019-08-09 12:05:59.848 Host name: XXXXX (Port: 2010)
. 2019-08-09 12:05:59.848 User name: xxxxx (Password: Yes, Key file: No,
Passphrase: No)
. 2019-08-09 12:05:59.848 Transfer Protocol: FTP
. 2019-08-09 12:05:59.848 Ping type: Dummy, Ping interval: 30 sec; Timeout:
15 sec
. 2019-08-09 12:05:59.848 Disable Nagle: No
. 2019-08-09 12:05:59.848 Proxy: None
. 2019-08-09 12:05:59.848 Send buffer: 262144
. 2019-08-09 12:05:59.848 UTF: Auto
. 2019-08-09 12:05:59.848 FTPS: Implicit TLS/SSL [Client certificate: No]
. 2019-08-09 12:05:59.848 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto
[List all: Auto]; HOST: Auto
. 2019-08-09 12:05:59.848 Session reuse: Yes
. 2019-08-09 12:05:59.848 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2019-08-09 12:05:59.848 Local directory: default, Remote directory: home,
Update: No, Cache: Yes
. 2019-08-09 12:05:59.848 Cache directory changes: Yes, Permanent: Yes
. 2019-08-09 12:05:59.848 Recycle bin: Delete to: No, Overwritten to: No,
Bin path:
. 2019-08-09 12:05:59.848 Timezone offset: 0h 0m
. 2019-08-09 12:05:59.848 --------------------------------------------------
------------------------
. 2019-08-09 12:05:59.864 Connecting to xxxxx:2010 ...
. 2019-08-09 12:05:59.864 Connected with xxxxx:2010, negotiating TLS
connection...
. 2019-08-09 12:05:59.879 Verifying certificate for "xxxxx." with
fingerprint e4:95:b2:74:84:83:3f:b7:b9:b5:68:75:c5:df:f4:72:93:1d:70:c0 and
19 failures
. 2019-08-09 12:05:59.879 Certificate common name "xxxxx" matches hostname
. 2019-08-09 12:05:59.879 Certificate for "xxxxxx" matches cached
fingerprint and failures
. 2019-08-09 12:05:59.879 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-
SHA384, 2048 bit RSA, AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA
Enc=AESGCM(256) Mac=AEAD
. 2019-08-09 12:05:59.910 TLS connection established. Waiting for welcome
message...
< 2019-08-09 12:05:59.910 220-xxxxx X2 WS_FTP Server 8.0.1(01361057)
< 2019-08-09 12:05:59.910 This ftp site and all data accessed from this
site are considered proprietary and are solely intended for
< 2019-08-09 12:05:59.910 authorized users only. Use of this site and all
applications accessed from this site implies you have received proper
< 2019-08-09 12:05:59.910 authorization, have agreed to comply with all
security policies, and are consenting to have all activity monitored.
< 2019-08-09 12:05:59.910 220 xxxxxxx X2 WS_FTP Server 8.0.1(01361057)
> 2019-08-09 12:05:59.910 USER xxxxx
< 2019-08-09 12:05:59.910 331 Enter password
> 2019-08-09 12:05:59.910 PASS ********
< 2019-08-09 12:05:59.910 230 User logged in
> 2019-08-09 12:05:59.910 SYST
< 2019-08-09 12:05:59.910 215 UNIX
> 2019-08-09 12:05:59.910 FEAT
< 2019-08-09 12:05:59.910 211-Extensions supported
< 2019-08-09 12:05:59.910 SIZE
< 2019-08-09 12:05:59.910 XMD5
< 2019-08-09 12:05:59.910 XSHA1
< 2019-08-09 12:05:59.910 XSHA256
< 2019-08-09 12:05:59.910 XSHA512
< 2019-08-09 12:05:59.910 XQUOTA
< 2019-08-09 12:05:59.910 LANG EN, ES, FR, GE
< 2019-08-09 12:05:59.910 MDTM
< 2019-08-09 12:05:59.910 MLST size*;type*;perm*;create*;modify*;
< 2019-08-09 12:05:59.910 REST STREAM
< 2019-08-09 12:05:59.910 TVFS
< 2019-08-09 12:05:59.910 UTF8
< 2019-08-09 12:05:59.910 AUTH SSL;TLS-P;
< 2019-08-09 12:05:59.910 PBSZ
< 2019-08-09 12:05:59.910 PROT C;P;
< 2019-08-09 12:05:59.910 211 end
> 2019-08-09 12:05:59.910 OPTS UTF8 ON
< 2019-08-09 12:05:59.910 200 Command OPTS succeed
> 2019-08-09 12:05:59.910 PBSZ 0
< 2019-08-09 12:05:59.910 200 PBSZ=0
> 2019-08-09 12:05:59.910 PROT P
< 2019-08-09 12:05:59.910 200 PRIVATE data channel protection level set
. 2019-08-09 12:05:59.926 Connected
. 2019-08-09 12:05:59.926 --------------------------------------------------
------------------------
. 2019-08-09 12:05:59.926 Using FTP protocol.
. 2019-08-09 12:05:59.926 Doing startup conversation with host.
> 2019-08-09 12:05:59.942 PWD
< 2019-08-09 12:05:59.942 257 "/" is current directory
. 2019-08-09 12:05:59.942 Getting current directory name.
. 2019-08-09 12:05:59.988 Retrieving directory listing...
> 2019-08-09 12:05:59.988 TYPE A
< 2019-08-09 12:05:59.988 200 Transfer mode set to ASCII
> 2019-08-09 12:05:59.988 PASV
< 2019-08-09 12:05:59.988 227 Entering Passive Mode (198,161,254,236,7,219).
> 2019-08-09 12:05:59.988 MLSD
. 2019-08-09 12:05:59.988 Connecting to 198.161.254.236:2011 ...
< 2019-08-09 12:05:59.988 150 Transferring directory
. 2019-08-09 12:05:59.988 Session ID reused
. 2019-08-09 12:05:59.988 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-
SHA384, 2048 bit RSA, AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA
Enc=AESGCM(256) Mac=AEAD
. 2019-08-09 12:05:59.988 TLS connection established
< 2019-08-09 12:06:00.472 226 Transfer completed
. 2019-08-09 12:06:00.472 Data connection closed
. 2019-08-09 12:06:00.472
size=0;type=cdir;create=20150812082558;modify=20150812082558; .
. 2019-08-09 12:06:00.472
size=0;type=pdir;create=20150812082558;modify=20150812082559; ..
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20150812082558;modify=20160921165245; ab91-inwes001
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20150812082558;modify=20150812081738; users
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20080613072531;modify=20190808225416; eroworksftp
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20090806092745;modify=20190301231156; eroworksftp-
ewks
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20131213072011;modify=20190808192101; ewks-cofuploads
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160330121521;modify=20160330121521; a553p
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160330121234;modify=20160330121234; a548p
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160114113714;modify=20160114113714; a553t
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160114113249;modify=20160114113250; a548t
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160330121647;modify=20161125100808; A555P
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160114114322;modify=20160114114322; a559t
. 2019-08-09 12:06:00.472
size=0;type=dir;create=20160330121757;modify=20160330121757; a559p
. 2019-08-09 12:06:00.472 Directory listing successful
. 2019-08-09 12:06:00.472 ..;D;0;1899-12-30T07:00:00.000Z;0;"" [0];"" [0];--
-------;0
. 2019-08-09 12:06:00.472 ab91-inwes001;D;0;2016-09-21T16:52:45.000Z;3;""
[0];"" [0];---------;0
. 2019-08-09 12:06:00.472 users;D;0;2015-08-12T08:17:38.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 eroworksftp;D;0;2019-08-08T22:54:16.000Z;3;""
[0];"" [0];---------;0
. 2019-08-09 12:06:00.472 eroworksftp-ewks;D;0;2019-03-01T23:11:56.000Z;3;""
[0];"" [0];---------;0
. 2019-08-09 12:06:00.472 ewks-cofuploads;D;0;2019-08-08T19:21:01.000Z;3;""
[0];"" [0];---------;0
. 2019-08-09 12:06:00.472 a553p;D;0;2016-03-30T12:15:21.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 a548p;D;0;2016-03-30T12:12:34.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 a553t;D;0;2016-01-14T11:37:14.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 a548t;D;0;2016-01-14T11:32:50.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 A555P;D;0;2016-11-25T10:08:08.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 a559t;D;0;2016-01-14T11:43:22.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.472 a559p;D;0;2016-03-30T12:17:57.000Z;3;"" [0];""
[0];---------;0
. 2019-08-09 12:06:00.519 Startup conversation with host finished.