Connection to FTPS fails when UseJSSE is set to yes

,
1

Hello,

I use webMethods 10.1. I have a problem where Integration Server (acting as a client) cannot connect to FTPS server when useJSSE=yes. I use JSSE on purpose because remote FTPS requires TLSv1.1.

Service: pub.client.ftp:login
Parameters
serverHost: xxx.xxx.xxx.xxx
serverPort: 20021
username:
password:
transferType: passive
secure.auth: TLS
secure.useJSSE: yes.

This is the error message:

com.wm.net.ftpCException:[ISC.0064.9001] Could not connect to ftp server: com.wm.net.ftpCException: [ISC.0064.9013]

This is fragment from corresponding Java ssl log on integration server:

INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, WRITE: TLSv1.2 Handshake, length = 167
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, WRITE: TLSv1.2 Alert, length = 2
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, called closeSocket()
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, called close()
INFO | jvm 4 | | HTTP Handler 10.9.xx.xxx, called closeInternal(true)

Corresponding log from FileZilla FTPS server (I configured it as FTPS for testing purpose):

(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> Connected on port 20021, sending welcome message…
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 220-FileZilla Server 0.9.60 beta
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 220 Please visit https://filezilla-project.org/
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)>
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 500 Syntax error, command unrecognized.
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> À
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 500 Syntax error, command unrecognized.
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> ¼Z1Jý´½w»uP(hÓ]—


(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 500 Syntax error, command unrecognized.
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> disconnected.
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)>
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> 500 Syntax error, command unrecognized.
(000003)13-Dec-2017 10:47:17 AM - (not logged in) (10.10.XX.XX)> could not send reply, disconnected.

When I disable useJSSE, I can connect to server successfully using TLSv1.0. However, the critical requirement is to use TLSv1.1.

How can I correctly setup FTPS with TLS1.1?
Thanks in advance for your help and suggestions.

Alex

2

This issue is resolved in the FIX 2.

3

We came across similar issue. Can you please let me know the complete fix name?

4

Actually may I also know your IS version. Our’s is IS9.12