FTPS/Implicit SSL connections filter

BorderManager 3.8 on NetWare 5.1 - I have plenty of successful
ftp-port-pasv-st exceptions that I use, but now I need one for an
FTPS/Implicit SSL connection, which *should* use port 990. But when I
define an exception (creating a new packet type, TCP, All source ports to
990, stateful) I'm able to connect, but I cannot browse folders or transfer
files. For grins I even tried making an exception for ALL TCP ports from my
FTP PC to their server - oddly, that wouldn't allow me to connect at ALL.
Drop filters, and I can get it to work just fine. I would do a TCPIP DEBUG =
0, but when I do that, BorderManager usually crashes now, and last time it
crashed, it would immediately abend on reboot, and it took me 4 hours to
crawl out of this hole.
I just recently got brave enough to make new filters again (it was making
them all disappear every time I made a change for the longest time).
Anyone have any experience with this form of FTP? I've done FTP of course,
SFTP, and other secure FTP transfers, but this is the first vendor who wants
FTPS/Implicit SSL, which I understand is not nearly as prevalent as Explicit
SSL.
Thanks,
Bruce

On Feb 26, 3:19 pm, "Bruce Lautenschlager" <[email protected]>
wrote:
> Reference the crashes - NDS came up clean after a few passes - and I still
> had the issues.
>
> I ended up running TCPVIEW on the workstation running WS_FTP Pro, and could
> see that the little ******* was opening up various ports from 1700 up.
> Different with every file. That blows. SFTP works on the same ports every
> time - but apparently this wasn't. Whatever. Maybe someday we'll have a real
> secure standard. Right now I transfer about every way known to man,
> including PGP and VPN. (But WS_FTP can't script PGP, hence I do a lot of
> SFTP and now this FTPS).
>
> I ended up making two non stateful exceptions on all ports from my FTP PC to
> their FTP server. Not the best solution....but - here's why I just needed
> something to hold me over for a week or two -
>
> After many years of BorderManager (and NetWare servers in general), I'm
> finally getting to do what they hired me for some years back - migrating to
> complete AD environment, including dual ISA 2006 Enterprise servers to
> replace BorderManager. I already did the NWSAA to HIS conversions. ZFD is
> about to give way to Desktop Authority. By next year, only GroupWise will
> remain (and probably not on NetWare OS), and since I only provide the web
> portion of that, what happens to that is of little concern to me.
>
> I appreciate all the help you've doled out over the years - especially Craig
> (and the very helpful book I finally bought a couple of years ago). No
> Novell bashing here...just going in a different direction.
>
> Thanks for your help,
> Bruce
>
> "Craig Johnson" <[email protected]> wrote in message
>
> news:[email protected]...
>
> > In article <[email protected]>, Bruce
> > Lautenschlager wrote:
> >> I just recently got brave enough to make new filters again (it was making
> >> them all disappear every time I made a change for the longest time).
>
> > Sounds like you have some NDS issues there that should be looked at.
>
> >> Anyone have any experience with this form of FTP? I've done FTP of course,
> >> SFTP, and other secure FTP transfers, but this is the first vendor who wants
> >> FTPS/Implicit SSL, which I understand is not nearly as prevalent as
> >> Explicit SSL.
>
> > It seems to me that there are two flavors of secure FTP. One uses SSH, and
> > just tunnels FTP through an SSH connection. This is easy since you only need
> > to allow port 22 through. The other seems to be like what you are seeing, and
> > is using different ports than standard FTP, but still working like FTP in terms
> > of using more than one port (for control versus data). This second type can be
> > very hard to work with since there is no stateful FTP exception to work with
> > it.
>
> > I would solve the TCP debug issue first, and just grab the filtered ports and
> > add exceptions accordingly. If your exception of all TCP to the target server
> > failed, it may be because you also need one for traffic FROM the target server.
> > (And your interface selections may have been done incorrectly in the exception
> > you tried).
>
> > Craig Johnson
> > Novell Support Connection SysOp
> > *** For a current patch list, tips, handy files and books on
> > BorderManager, go to http://www.craigjconsulting.com ***

The problem here is that each time you do a directory listing or try
to upload/download a file in FTP protocol you are using a passive
client connection. With each passive connection the server assigns a
port that the client should connect to for initiating the transfer.
Unless you specify a port range to use within the FTP server software,
this is generally a random open port on the server > 1024. Naturally,
this can make configuring your firewall a bit more difficult :(

The solution to this is to configure your server to use a fixed port range
for passive FTP connections, e.g. 1200-1300. Then in your firewall you
can configure it to allow inbound connections on these ports. Most
servers support passive port range configuration. See your server
docs for details on how to do this. One such platform-independent
server that supports this is jscape secure ftp server ...
http://www.jscape.com/secureftpserver/

Hope this helps.
Rich
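
Added example (not part of Rich's post and not any product's own code): a Python check that decodes the data port from the passive-mode replies recorded in a client or server log and reports which ports fall outside the range the firewall admits. It goes a little beyond the post by also handling the 229 (EPSV) reply form; the sample replies, the 192.0.2.10 host and all function names are constructed for illustration, and 1200-1300 is the example range from the post.

```python
"""Audit FTP passive-mode replies against the data-port range a firewall allows."""
import re

# 227 reply (RFC 959): (h1,h2,h3,h4,p1,p2), data port = p1 * 256 + p2
PASV_RE = re.compile(
    r"\b227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# 229 reply (RFC 2428): (<d><d><d>port<d>), data host = control-connection host
EPSV_RE = re.compile(r"\b229\b[^(]*\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line, control_host=None):
    """Return (host, port) for a 227/229 reply, or None for any other line."""
    m = PASV_RE.search(line)
    if m:
        fields = [int(x) for x in m.groups()]
        if max(fields) > 255:
            raise ValueError(f"field out of range in 227 reply: {line!r}")
        host = ".".join(str(octet) for octet in fields[:4])
        return host, fields[4] * 256 + fields[5]
    m = EPSV_RE.search(line)
    if m:
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in 229 reply: {line!r}")
        return control_host, port
    return None


def audit_passive_ports(reply_lines, allowed_ranges, control_host=None):
    """List every advertised data endpoint and whether the firewall range admits it."""
    findings = []
    for line in reply_lines:
        endpoint = parse_passive_reply(line, control_host)
        if endpoint is None:
            continue
        host, port = endpoint
        permitted = any(low <= port <= high for low, high in allowed_ranges)
        findings.append({"host": host, "port": port, "permitted": permitted})
    return findings


def blocked_ports(findings):
    """Ports the server handed out that the firewall rule would drop."""
    return sorted({f["port"] for f in findings if not f["permitted"]})


# Constructed sample replies (not taken from a real server)
SAMPLE_REPLIES = [
    "220 Service ready",
    "227 Entering Passive Mode (192,0,2,10,4,210)",   # 4 * 256 + 210
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # 195 * 256 + 80
    "229 Entering Extended Passive Mode (|||1250|)",
]
# Example range from the post: the server is pinned to 1200-1300
ALLOWED_RANGES = [(1200, 1300)]

if __name__ == "__main__":
    results = audit_passive_ports(SAMPLE_REPLIES, ALLOWED_RANGES, "192.0.2.10")
    for item in results:
        verdict = "allowed" if item["permitted"] else "BLOCKED"
        print(f'{item["host"]}:{item["port"]} {verdict}')
    print("ports outside the firewall range:", blocked_ports(results))
```

Over FTPS the control channel is encrypted, so the firewall cannot read these replies itself; run the check on client or server logs and keep the server's passive range and the firewall rule identical.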

Similar Messages

  • FTP over SSL connectivity in File Adapter

    Hi All,
      I request your suggestion on my problem.  I have a scenario idoc to file where I am connecting to my vendor server through SFTP (Ftp over SSL).  In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
    So as per this requirement first our XI server needs to connect to the pre-approved client and the connectivity will happen to the vendor server.  He lists the pre-approved clients as below
    *Cleo Lexicom 2.1
    *TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
    *QualEDI for Windows, 32-bit version
    *Ascential DataStage TX, Release 7.5
    *Future 3 - Advanced Communication Module Plus (ACM Plus)
    *eBridge FTPS Communicator for GXS version 5.3
    *Ipswitch Inc's WS_FTP Professional version 8.02.
    *Robo-FTP version 3.2
    Please let me know will this be possible from our file adapter.  Currently as per this requirement we open up the port of XI server for SFTP connectivity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from there to vendor server.
    Kindly needful your suggestion/solution on this.
    Regards,
    Dhill

    Hi,
      Thank you,  Yes I have used FTPS only please find the below details given in the communication channel.
    FTP Connection Parameters
    Server: ServerName
    Port : 6366 (specified by vendor)
    Data connection : Passive
    Timeout(secs) : 65
    Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Keystore: service_ssl
    X-509 Certificate and Private Key: ssl-credentials
    User Name : Vendor user name
    Password: Vendor given password
    Connect Mode: Permanantly
    Transfer Mode: Text
    Maximum Concurrency: 1
    and also as per the list given by vendor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
    Note: We have deployed the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
    So if possible I request you to kindly provide the details how we need to specify the client software between our XI server and Vendor server as you mentioned in your solution.
    Please let me know your mail id, i will forward the screenshot of my communication channel.
    Kindly appreciate your help on this.
    Regards,
    Dhill.

  • Help required in connecting to Implicit SSL FTP server

    Hi,
    I am working on a scenario of File to Idoc.
    Here the File server (FTP server) is using the Implicit SSL protocol which is not supported by PI.
    Hence, we thought of using the scripts for this.
    Using Script we will move the file from the FTP server to the PI directory & then using NFS protocol in channel, PI will read the file.
    Here my query is, is it possible to go for such a design in case of Implicit SSL?
    If yes, please let me know how it can be achieved.
    I am referring the below blog of writing the scripts in case of SSH protocol:
    /people/daniel.graversen/blog/2008/12/11/sftp-with-pi-the-openssh-way
    Please let me know if any such blog/material is available for Implicit SSL protocol as well.
    Your help is highly appreciated.
    -Supriya.

    have you tried calling from ABAP ?
    Connect FTP Server through R/3
    There is something called SAP cryptographic kit which you need to install ,please check this link I am not sure
    File has to pass through FTPS connection.. Connection parameters?
    Port for Implicit SSL is 990
    regards
    Ninad

  • How to use a key file in the FTP Task using and SSL connection

    In the past I have used this code to set the FTP pass word in an FTP component task in SSIS.
    Does anyone know how to use a Key file in an SSL connection to download a file from an FTP site?  If not can you tell me where I can get the C# code examples to learn how to create a script task or if there is another way in SSIS to download large files
    from an SSL FTP site?  Thank you for any help offered.
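    public void Main()
    {
        // Look up the FTP connection manager defined in the package
        ConnectionManager FTPConn;
        FTPConn = Dts.Connections["FTPServer"];
        // Set the password at run time from a package variable
        FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
        Dts.TaskResult = (int)ScriptResults.Success;
    }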
    Antonio

    You can use SFTP for this.
    This is a way of implementing SFTP in SSIS using standard tasks 
    http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
    also see
    http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI(Unix) system, and are receiving the following error:
    iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
    This set up simulates the problem we encounter with our customer's FTP Server.
    If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data  (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
    - test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
    - test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> 150 Connection accepted
    - test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
    - test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
    - test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    - test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    - test (10.18.106.34)> 426 Connection closed; transfer aborted.
    - test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
    Thanks and Best Regards
    Prashant

  • Dreamweaver (on Windows 7) won't connect to IIS (v7) Server using "FTP over SSL/TLS..."

    I am evaluating whether to purchase Dreamweaver CS6...
    Dreamweaver CS6 trial (on Windows 7) won't connect to IIS (v7) Server using "FTP over SSL/TLS (explicit encryption)".  I have a NEW Godaddy SSL certificate installed on the IIS server. 
    On connecting Dreamweaver states: "Server Certificate has expired or contains invalid data"
    I have tried:
    -ALL the Dreamweaver Server setup options
    -Using multiple certificates (tried 2048 bit and 4096 bit Godaddy SSL certificates)
    -Made sure the certificate 'issued to' domain name matches my domain name.
    I am able to connect no problem using Filezilla, with equivalent Filezilla setting "Require explicit FTP over TLS".  I can also connect fine using Microsoft Expression web. 

    Thanks for your prompt reply.
    My comments:
    1) You should update your thread (forums.adobe.com/thread/889530) to reflect that it still occurs on CS6 (I had already read it but figured it was an old thread and thus should be fixed by now). 
    2) You said “These warnings will also pop up for your users if you have a store saying the SSL certificate does not match the domain/ip and this can make users checking out in a storefront very nervous” .  This does not seem to be correct – my https pages display properly using the same Godaddy certificate … using IE:
    3) Godaddy is not my host (I use Amazon AWS) – but the SSL certificate is from them.

  • Implicit SSL + FTP client???

    Hi!
    I've been looking for a FTP-client that supports the (not so common in the linux world) standard implicit SSL.
    I've been trying IglooFTP, Kasablanca, lftp  and kbear and so on..but none have worked...
    does anyone have any ideas??
    what I have found about implicit ssl, is that it is kind of standard in the windows world (almost all ftp-clients such as ws_ftp and cuteftp support it) but not in the rest of the world..

    hi there!
    found this http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
    it is a list of which clients support different ssl-implementations

  • Implicit SSL

    My provider has recently upped security settings to FTP files and I cannot get Dreamweaver CS4 to communicate with it.
    According to the posting:
    "You have to use Port 990 and Implicit SSL option (All client FTP software have this option) on client FTP software to do FTP on our server."
    I can see how to set to Port 990 (Manage Sites/Remote Info/Advanced/Firewall Settings and select "Use Firewall") , but I do not see a selection for Implicit SSL and I cannot connect to the server.
    To make certain it is not any other firewall settings, when testing, I turn off my computer firewall (Mac) and the modem (DSL) firewall.
    I have tried using Passive FTP, IPv6, Secure FTP (which grays out the Use Firewall option), used the different Server Compatibility options, all without any luck.
    Any suggestions?

    If Secure FTP is the same as Implicit SSL, then it does not work with this server.  To make things even more interesting is that when I select Secure FTP in Dreamweaver, the program grays out the "Use Firewall" selection.  Since I cannot connect to the server, I can only conclude that I cannot use the Firewall and select the port to use, and use Implicit SSL at the same time.
    Since more and more servers are using non-traditional ports for FTP, this is a major shortcoming of Dreamweaver's ability to keep track of files on the server and I may have to resort to another FTP program instead.

  • Does XI support FTP over SSL with Command AUTH TLS??

    Hi All,
    Can we change Command AUTH TLS to AUTH SSL in the Command Order of receiver FTP adapter when you select FTPS (FTP using SSL/TLS) for Control and Data Connection??
    We are able to transfer business documents to bank's FTP server (Following RFC 2228 standards) using WS FTP Pro (I think follows RFC 959 and 1123 standards) which using AUTH SSL in Command order.
    We did go through SAP note 821267 (FAQ for XI 3.0 / PI 7.0 File Adapter)...question number 33 address about the "AUTH TLS" command. But we not getting the same error. We get different as in this forum:
    Re: Error: Message processing failed: FTPEx: PBSZ=0
    Can someone please confirm if this is the issue with FTP RFC standards?? Or can we customize FTPS adapter to send AUTH SSL command??
    Thank you,
    Indrasena Janga

    Dear Andy,
    I am also looking for the same information.
    Could you please share with ,if u have got anything related....
    Hi Experts,
    Pls share your exp with us if u have any....
    Regards,
    Srinivas

  • Data Transfer Port ranges in FTPS with SSL in File Adapter

    Hi,
    I would appreciate if you could give me pointers regarding the below issue.
    We are on XI 3.0.
    For one interface, I have to configure the FTP File adapter to pick up the files from external server.
    The connection is secure and should be FTPS with SSL.
    I have the certificate from the 3rd party and have it installed on our XI development server.
    The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
    I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
    The error i get today is:
    Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
    Yesterday, i got the below error:
    Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
    He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
    When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
    Please advise.
    Regards,
    Archana

    >
    Archana Singhai wrote:
    > Hi,
    > I would appreciate if you could give me pointers regarding the below issue.
    > We are on XI 3.0.
    > For one interface, I have to configure the FTP File adapter to pick up the files from external server.
    > The connection is secure and should be FTPS with SSL.
    > I have the certificate from the 3rd party and have it installed on our XI development server.
    > The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
    > I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
    > The error i get today is:
    > Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
    > Yesterday, i got the below error:
    > Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    > The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
    > He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
    > When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
    > Please advise.
    > Regards,
    > Archana
    1. Open the port ranges. FTPS usually requires you to open ports in the range of 65024 through 65535 for Passive FTP data connections
    2. Use the CA name in the certificate. It should be same as of the host name of the FTPS server

  • FTP w/SSL ?

    Hello All,
    My client needs to send and receive the data from Bank systems through FTP over SSH, but they are not ready to buy any third party adapter or any tool to use FTP over SSH as PI doesn't support FTPS. So I used shell script to send and receive data, but bank is not happy with shell script.
    Now client is implementing Proxy server and PI need to send or receive the data using FTP w/ SSL through Proxy server which will be very secure connection for bank details.
    to do this scenario , just we need to know the FTP details like:
    1)     FTP server IP address
    2)     Port
    3)     File path and File name
    4)     If client is providing the certificate then as my earlier mail we need to install or deploy the certificate.
    5)     Login ID and Password for FTP server.
    Other than this do we need any other details......... Please let me know as they are using secure proxy server connection.
    Thanks and regards,
    Chinna

    Hi,
    >>FTP over SSH as PI doesn't support FTPS
    PI supports FTPS. It is SFTP that PI doesn't support
    >>Now client is implementing Proxy server and PI need to send or receive the data using FTP w/ SSL through Proxy server which will be very secure connection for bank details.
    Is it like XI> Proxy server> Bank, and from XI to Proxy server you have FTP connection? And you want this connectivity to be secure? Your question was not clear enough.
    As I understood you should have a FTP server in the Proxy machine and PI's FTP adapter will access it through FTP mode. So all these details (FTP server IP address, Port, File path and File name, etc.) will be of the FTP server (which is in the Proxy box)
    Regards
    Suraj

  • FTPs ON SSL in PI7.1?

    Hello All,
    In PI7.1 I think FTPS (FTP using SSL/TLS) is enabled, as I can see in adapter one option connection security in that we can select FTPS.
    So my question is its already there in PI7.1 so no need to deploy any SAP Java cryptographic toolkit and add the CA certificate to the key storage.
    If I am wrong please suggest me.
    If anyone worked on PI7.1 on FTPS, please let me know.
    Thanks,
    chinna

    Thanks for the reply.
    What exactly is this certificated to the keystore
    where we can find and where we need to deploy.
    Please tell me clearly. I am new to XI and I have to tell the client side to do this all.
    So I need to explain them exactly what to do from their side.
    Thanks and Regards,
    chinna

  • Cannot download Adobe reader error "Can't establish SSL connection (16248.331.1095.307)"

    I have XP x64 SP2 and have tried to download Adobe Reader. I get an error; "Can't establish SSL connection (16248.331.1095.307)" and
    then after a couple of these, it closes the download manager.
    We are using IE6.0.3790.359 128 cipher
    As to the alternate browsers, our corporation will not allow them to be loaded. So we cannot use other browser.
    The installation steps are: click get reader, allow activeX, unclick Google bar and click download- simple stuff.
    Please refer to the screen shot
    Thanks
    JPSingh

    Assuming that you want the English version of Adobe Reader 9.2, you can download it without download manager from http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.2/enu/AdbeRdr920_en_US.exe
    If you're looking for a different version, find it at ftp://ftp.adobe.com/pub/adobe/reader/

  • Sporadic SSL connection trouble

    I happened to run across https://discussions.apple.com/message/5546820, which describes a problem very similar to one I've had troubles with since Mac OS X 10.5 Server and still happens with 10.6.7; I did not experience this with Tiger.
    I have a web service written in PHP (v5.3.4) that makes another web service call to a third party web service.  The call TO my web service and the call my web service MAKES are both SSL encrypted; neither are going through a proxy.  Occasionally, my web service will get a SoapFault raised with the error "Could not connect to host" when instantiating a SoapClient object to connect to the third party web service.  We use this web service an average of nearly 1,000 times a day, and of those, only a handful each day gets this exception.  I have gone so far as to add code that will make a second attempt to instantiate the SoapClient class when the first fails.  Sometimes the second attempt works, but sometimes even it fails.
    At one point I moved this process back to 10.4.11 Server (w/PHP v5.2.4), and experienced no errors.  I've also run the same code on a Windows machine with PHP 5.3 installed and it did not experience the problem either.  So I don't believe it has anything to do with upgrading PHP from 5.2 to 5.3.  I have performed tests from other Macs connecting to one of Amazon's web services over HTTPS, and they too experienced random failures beginning with Leopard.  So I don't think it has anything to do with the specific machine on which the process is running.  I also tried consuming the Amazon web service over HTTP, and didn't experience the problem.
    We have another process (on a different server running 10.5.8) that uses CURL to establish a SSL encrypted connection to a partner's system, and it's randomly failing on curl_exec() with "SSL read: error:00000000:lib(0):func(0):reason(0), errno 54".  According to http://curl.haxx.se/libcurl/c/libcurl-errors.html, error 54 means "Failed setting the selected SSL crypto engine as default!".
    CURL details:
    10.5.8 machine:
    curl 7.16.4 (i386-apple-darwin9.0) libcurl/7.16.4 OpenSSL/0.9.7l zlib/1.2.3
    Protocols: tftp ftp telnet dict ldap http file https ftps
    Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
    10.6.7 machine:
    curl 7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l zlib/1.2.3
    Protocols: tftp ftp telnet dict ldap http file https ftps
    Features: GSS-Negotiate IPv6 Largefile NTLM SSL libz
    Neither error can be reproduced at will, but they do happen daily (no particular time of day; it's completely random).  It just really sounds like something is wrong with some low level code in the OS dealing with SSL that began with Leopard.  Anyone else having similar trouble?

    i got the connection to work, and the problem was that the regional settings of the client was set to "Turkish". after changing it to EN, it worked.
    (questions 2), 3) and 4) are "answered" herewith).
    is there a workaround for the language problem ? (the reg. settings have to be Turkish)
    (when set to "Turkish", the JRE parses the cacerts file erroneous (because of the Turkish 'i' character). running the program with "-javax.net.debug=all" parameter prints the trace)
    now, i've another question :
    when creating a user how do we specify which group the user belongs to ?
    a solution for this is to find the group and add the user to the group. is there an attribute of the user which can be set directly at creation time ?
    last question :
    why does it take so long to get a context with ssl connection ? does anybody know how to make it faster ?
    thanks

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.
