phpshtorm not connecting to ftps with TLS?

A

Andrew Romanov2018-02-22 16:32:44

FTP

Andrew Romanov, 2018-02-22 16:32:44

Good afternoon, a pure-ftpd server with TLS support has been set up:
TLS - 2
TLSCipherSuite - ALL
Certificate purchased from the registrar

When connecting via PhpShtorm, I get the following log:

spoiler

2018-02-22 20:54:04,060 [ 552110]  DEBUG - t.connections.RemoteConnection - Opening connection to ftps://************:***/ in @5a93a058 
2018-02-22 20:54:04,065 [ 552115]  DEBUG - ains.plugins.webDeployment.ftp - 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 15 of 1000 allowed.
220-Local time is now 20:54. Server port: ***.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity. 
2018-02-22 20:54:04,065 [ 552115]  DEBUG - ains.plugins.webDeployment.ftp - AUTH TLS 
2018-02-22 20:54:04,066 [ 552116]  DEBUG - ains.plugins.webDeployment.ftp - 234 AUTH TLS OK. 
2018-02-22 20:54:04,118 [ 552168]  DEBUG - ains.plugins.webDeployment.ftp - USER shop_neuron 
2018-02-22 20:54:04,119 [ 552169]  DEBUG - ains.plugins.webDeployment.ftp - 331 User ******* OK. Password required 
2018-02-22 20:54:04,119 [ 552169]  DEBUG - ains.plugins.webDeployment.ftp - PASS *** 
2018-02-22 20:54:04,142 [ 552192]  DEBUG - ains.plugins.webDeployment.ftp - 230 OK. Current restricted directory is / 
2018-02-22 20:54:04,142 [ 552192]  DEBUG - ains.plugins.webDeployment.ftp - TYPE I 
2018-02-22 20:54:04,142 [ 552192]  DEBUG - ains.plugins.webDeployment.ftp - 200 TYPE is now 8-bit binary 
2018-02-22 20:54:04,142 [ 552192]  DEBUG - ains.plugins.webDeployment.ftp - CWD / 
2018-02-22 20:54:04,143 [ 552193]  DEBUG - ains.plugins.webDeployment.ftp - 250 OK. Current directory is / 
2018-02-22 20:54:04,143 [ 552193]  DEBUG - ains.plugins.webDeployment.ftp - PBSZ 0 
2018-02-22 20:54:04,143 [ 552193]  DEBUG - ains.plugins.webDeployment.ftp - 200 PBSZ=0 
2018-02-22 20:54:04,143 [ 552193]  DEBUG - ains.plugins.webDeployment.ftp - PROT P 
2018-02-22 20:54:04,144 [ 552194]  DEBUG - ains.plugins.webDeployment.ftp - 200 Data protection level set to "private" 
2018-02-22 20:54:04,144 [ 552194]  DEBUG - ains.plugins.webDeployment.ftp - FEAT 
2018-02-22 20:54:04,144 [ 552194]  DEBUG - ains.plugins.webDeployment.ftp - 211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 MFMT
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 AUTH TLS
 PBSZ
 PROT
 UTF8
 TVFS
 ESTA
 PASV
 EPSV
 SPSV
211 End. 
2018-02-22 20:54:04,145 [ 552195]  DEBUG - ains.plugins.webDeployment.ftp - PORT *,*,*,*,243,114 
2018-02-22 20:54:04,145 [ 552195]  DEBUG - ains.plugins.webDeployment.ftp - 200 PORT command successful 
2018-02-22 20:54:04,145 [ 552195]  DEBUG - ains.plugins.webDeployment.ftp - MLSD 
2018-02-22 20:54:04,147 [ 552197]  DEBUG - ains.plugins.webDeployment.ftp - 150 Connecting to port 62322 
2018-02-22 20:54:04,199 [ 552249]   INFO - ains.plugins.webDeployment.ftp - java.net.SocketException: Connection closed by remote host 
2018-02-22 20:54:04,203 [ 552253]  DEBUG - ains.plugins.webDeployment.ftp - 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

But when connected via WinSCP, everything goes well and you can work with files.

PhpShtorm settings:

****.******.***
port: ***
Root: /
explit 
no passiv(в локальной сети)
passiv(во внешней сети)
Кодировка UTF8
Остальное стандартное

WinSCP Settings

FTP с явным TLS
Не пасивный (в локальной сети)
Пасивный (из вне)

server log when connecting Phpshtorm

New connection from *
Command [auth] [TLS]
TLS: Enabled TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
Command [user] [private]
Command [pass] [<*>]
shop_neuron is now logged in
Command [type] [I]
Command [pbsz] [0]
Command [prot] [P]
Command [feat] []
Command [port] [не нужные, правильные цифры]
Command [mlsd] []
и всё

log when connecting via WinSCP

New connection from *
Command [auth] [TLS]
TLS: Enabled TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Command [user] [private]
Command [pass] [<*>]
shop_neuron is now logged in
Command [syst] []
Command [feat] []
Command [opts] [UTF8 ON]
Command [pbsz] [0]
Command [prot] [P]
Command [pwd] []
Command [cwd] [/]
Command [pwd] []
Command [type] [A]
Command [port] [не нужные, правильные цифры]
Command [mlsd] []
TLS: Enabled TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
... и дальше команды по обмену файлами

In fact, the difference is that phpstorm did not transfer utf8, it has type - RAW (for WinSCP - ASCI), and it did not cwd to the

directory was already authorized)

At the same time, I have another ftp server on the network with similar settings, but phpshtorm connects to it and asks for certificate confirmation, and the commands to mlsd are similar

UPD:
It got to the point that phpshtorm tries to connect with a low level of encryption (ECDHE -RSA-AES128-GCM-SHA256, 128) for file transfer, although this level is sufficient for command transfer)

And phpshtorm started connecting when data encryption was disabled:
Advanced option -> Protecr data chennel - [No protection(PROT C)]
This is a sign that it's time to switch to deploy via docker)

UPD2:
How to say it correctly

And the casket just opened)

pureftp has a BrokenClientsCompatibility setting that enables support for broken clients.