When setting TLSRequired
to on
instead of off
in my proftp tls.conf
, I always get a
550 SSL/TLS required on the data channel
error when trying to connect. I tried it out with both filezilla and winscp and proftpd versions 1.3.3a
and 1.3.4a
This is my tls.conf:
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol SSLv23 TLSv1
TLSRSACertificateFile /etc/ssl/private/cert.crt
TLSRSACertificateKeyFile /etc/ssl/private/cert.key
TLSVerifyClient off
TLSRequired on
</IfModule>
The error occurs after executing the FTP-LIST
command. This is a short excerpt from the debug log in filezilla:
Command: PASV
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (78,46,187,75,208,71).
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: LIST
Trace: CFtpControlSocket::OnReceive()
Response: 550 SSL/TLS required on the data channel
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Trace: CFtpControlSocket::ParseSubcommandResult(2)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Error: Directory listing could not be retrieved
Best Answer
I recently had a similar problem but not with filezilla. When I use "Filezilla" as my ftp client all was good. But for some reason phpstorm's internal ftp client had the above issue, it could connect but cannot list the directory.
In proftpd.conf I used the following config and now phpstorm's ftp client can connect to the ftp server. However, data channel is not required to be encrypted with the below option:
Another possible solution could be flipping the ftp connection to "passive" since this is a directory listing issue.