I can reproduce this with Windows 10 but I don't have a development environment there. Windows 7 I can't reproduce because the handshake fails with SEC_E_ILLEGAL_MESSAGE. curl w/ OpenSSL seems to work fine.
With OpenSSL there's a close_notify sent by the server, followed by a close_notify immediately sent by the client. With Schannel there's a close_notify sent by the server, then a hang for the timeout period, then a close_notify sent by the client. Perhaps the server is waiting for a reply to the close_notify?
We don't have a way to decrypt Schannel in Wireshark, and even if we did Wireshark doesn't decrypt SSL upgraded FTP connnections, so it may be more complicated than this.
If I change the command to
curl --ftp-ssl -m30 -u"neveis_read_only:ZK8K3w6RZLrcQgmC8j5CWBX" --output bob.file "ftp://lio.bun.am:21/composer.phar”
the file is downloaded and then the command pends until the timeout occurs, so it is not LIST-specific.
By the way, the username and password have been intentionally exposed - it provides limited read-only access.
And as Jay noted in his email, this is schannel specific - the commands work fine for example on macOS using:
curl 7.64.1 (x86_64-apple-darwin19.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets
Tel: 01728 603011 | Email: firstname.lastname@example.org <mailto:email@example.com>
Omnis Software Ltd | www.omnis.net
Carlton Park House, Carlton Park Estate, Saxmundham IP17 2NL
On 23 Apr 2020, at 07:07, Daniel Stenberg ***@***.***> wrote:
Note that you've now exposed username and password to the world in that log file.
Does this happen against other FTPS servers too, you know? If you try to download a single file from this server, does it repro the problem (ie is this problem LIST-specific)?
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#5284 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AH6MNAFRBIUP4CB322FRMCTRN7LLTANCNFSM4MOX35NQ>.