I've made an interesting discovery that is mentioned in part on other posts in other forums. This involves IIS; however, I believe the issue rests with the Windows Server 2012 OS.
Here's the scenario.
Client:
- Windows 8
- almost any FTP client
Server:
- Windows Server 2012
- FTP site hosted in IIS 8
Problem:
The client connects to the FTP site via FTPS (regular FTP works). The connection is successful, and the client is able to list the directories and download content. However, the client cannot upload anything to the FTP site.
Error: 550 The supplied message is incomplete. The signature was not verified.
Any of the following modifications to the scenario will allow the client to upload content:
- changing the client OS to Windows 7
- changing the server OS to Windows 2008 or 2008 R2 (IIS7+)
- changing the FTP client to CoreFTP (I've tried FileZilla, the Microsoft FTP client, SmartFTP, and WinSCP)
I found this post regarding FileZilla that states there is an SSL cipher ordering issue with Windows Server 2012 and IIS8 for FTP clients using explicit TLS: http://trac.filezilla-project.org/ticket/7910
Their "solution" points to an MSDN blog post here: http://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
This states that you need to reorder the SSL ciphers with TLS_RSA_WITH_RC4_128_SHA as the highest priority; however, there is a limitation to the text file where you order the ciphers, 1023 characters, which is less than the total number of characters for all ciphers. This means you must know which ciphers will be needed and in which order so as not to break anything else. That's not a viable workaround.
Does anyone know if there is a patch coming down to fix this, or are there any more viable workarounds? One would think a Windows 8 client should be able to connect via FTP with explicit TLS to an FTP hosted in IIS8 on Windows Server 2012 to upload content.
- Edited by TSJeff Thursday, October 10, 2013 8:08 PM
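
An added example, not part of the original post and not Microsoft tooling: this Python function moves TLS_RSA_WITH_RC4_128_SHA to the front of a cipher suite list, joins the list into one value, and reports which suites fall outside the 1023-character limit the post describes. The function name, the comma-separated format and the suite list (constructed sample data, not read from a server) are assumptions.

```python
LIMIT = 1023                            # character limit described in the post
PREFERRED = "TLS_RSA_WITH_RC4_128_SHA"  # suite the post says must be first

# Constructed sample list in an assumed starting order (not from a real server).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def build_order(suites, preferred=PREFERRED, limit=LIMIT):
    """Return (value, dropped).

    value   -- comma-separated suite list, preferred suite first, len <= limit
    dropped -- suites that did not fit, in priority order
    """
    # Put the preferred suite first and remove duplicates, keeping order.
    ordered, seen = [], set()
    for name in [preferred, *suites]:
        name = name.strip()
        if name and name not in seen:
            seen.add(name)
            ordered.append(name)

    # Keep suites until the next one would exceed the limit, then stop:
    # skipping ahead to a shorter name would silently change the priority.
    kept, length = [], 0
    for index, name in enumerate(ordered):
        cost = len(name) + (1 if kept else 0)  # +1 for the separating comma
        if length + cost > limit:
            return ",".join(kept), ordered[index:]
        kept.append(name)
        length += cost
    return ",".join(kept), []


if __name__ == "__main__":
    value, dropped = build_order(SAMPLE_SUITES)
    print(f"{len(value)}/{LIMIT} characters used")
    print(value)
    print("Dropped:", ", ".join(dropped) if dropped else "none")
```

The dropped list is the part to review before applying a new order, since any client that can only negotiate one of those suites would no longer connect.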