Trying to connect to a ftpserver via a proxy which doesn't support SSL/TSL fails because Smartftp transfers the port of Secure Socket Layer. As a result proxy aborts the connection.
SSL is an optional but not required feature. Bare FTP should work without the necessity to communicate a SSL port.
Greetings
If required logfiles can be delivered
mb
Please post a complete bug report.
Thanks
milka34
+- System -----------------------------
Microsoft Windows NT Workstation
version 4.0 Service Pack 6 (Build 1381)
CPU Speed : 532 MHz
Total Memory : 130416 KB
Free Memory : 54588 KB
+- SmartFTP ---------------------------
Version : 1.0.979.1
Time Stamp : 2003-09-17 13:37:55
- proxy: http, localhost, port 5865, (is NTLM Proxy)
- address type: FTP (neither SSL implicit and nor SSL explicit)
Steps:
- open connection to *.no-ip.org (server is behind NAT, isn't relevant because connection fails at proxy on client side)
connection fails with following error:
HTTP/1.1 502 Proxy Error ( The specified Secure Sockets
Layer (SSL) port is not allowed. ISA Server is not
configured to allow SSL requests from this port. Most
Web browsers use port 443 for SSL requests. )
I'm aware of the regarding KB article of Microsoft regarding ISA server (this is a MS Proxy message) but, I think, if I want to open a bare FTP connection without SSL/TLS authorization, the SSL port mustn't be transmitted to the proxy.
I hope the information is sufficient. If not let me know, please.
Thanks
Achim
attached you find smartftp log. If wanted I can deliver the Proxy log.
************************************************************
***********************************
* SESSION STARTED AT 26.Sep.2003 17:38:23
************************************************************
***********************************
Resolving host name localhost...
Resolving host name ftpserver.no-ip.org...
Connecting to Proxy (localhost) -> IP: 127.0.0.1 PORT:
5865
Connected to Proxy (localhost) -> Time = 63ms
HTTP/1.1 502 Proxy Error ( The specified Secure Sockets
Layer (SSL) port is not allowed. ISA Server is not
configured to allow SSL requests from this port. Most
Web browsers use port 443 for SSL requests. )
Cannot login waiting to retry (30s)...
Connection closed.
************************************************************
***********************************
* SESSION CLOSED AT 26.Sep.2003 17:38:47
************************************************************
***********************************
mb
Thanks
The problem is with the destination port. Your proxy denies to make a connection to this port.
-Mat
milka34
Yes, you maybe are right. But the question is why smartftp tries to open a SSL port if the connection type is 'bare ftp' (no SSL)??
I think smartftp shouldn't try to connect to a SSL port with this connection type.
I try to explain to whole 'authorities' involved.
client (smartftp) connects to a NTLM proxy (this to superate the MS proxy authentification)
NTLM proxy connects to MS Proxy
MS Proxy connects to NAT (NAT at home)
NAT forwards to ftp server (it's my server at home)
My ftp server at home isn't configured to support SSL so a try with an SSL connection (SSL explicit) fails correctly.
But a ftp connection without SSL should pass all authorities without problems.
I repeat, I think smartftp shouldn't try to connect to a SSL port anyway. Tell me, if you see a flaw in my conclusion.
(By the way with IE or another client it works out ...)
Anyway thanks for your support and prompt reactions
milka34
Will the problem be fixed in the next version?
Thanks
mb
There's no problem with SmartFTP as far as I can see. Your proxy rejects connections to ports different than 80, 443.
-Mat
halden1
Hi have just installed ISA 2004 with the above problem.