FTPS and SSL acceleration log messages that may help you determine if the version of SSL is supported.
FTPS client=filezilla 3.4.0
FTP server= Global space EFT 6.3 ftps server
ftps client 220.127.116.11>>>wx 18.104.22.168>>>wan>>>wx 22.214.171.124>>>>>ftps server 126.96.36.199
Problem or Goal:
WXC 590 WXOS version of code 5.7.7
We had a customer who wanted to use SSL acceleration, on the WXC 590 version 5.7.7 with the Filezilla FTPS client; but continually got the following message in the logs, and soft quits in the flow diagnostics:
In the display system log of the client side WX the following message is seen:
This particular SSL version corresponds to value 0x303 in the header. From the code, we do support sslv3, but only up to SSL v3.2 which is TLS v1.1. This value represents TLS 1.2, which is SSL 3.3 and we do not support it.
If you see the above message in the logs for your SSL accelerated flow, that is the reason. We have noted in support, that when using certain FTPS clients, Filezilla for one, that the client sends a SSL client hello with TLS 1.2 and SSL 3.3. This flow is going to soft quit as we do not support it.
We have also noted that CuteFTP sends a SSL client hello on version TLS 1.0 SSL version 3.0, these connections are supported and are accelerated.
Tested versions are:
Failed -Filezilla 3.5.0,Filezilla 2.2.7
Working -CuteFTP home 8.3, CuteFTP pro 8.3
The WX should not be soft quitting the Filezilla SSL client 'hellos'. The WX should be waiting for the SSL server hello, as this is what is going to determine the eligibility of the flow to be accelerated. But currently, the WX is incorrectly soft quitting the flow based upon the SSL client hello.
Workaround: Use CuteFtp Pro or Home instead of Filezilla.