Secure FTP Data Connection Fails to Open with a TCP3D2C

Troubleshooting

Problem

The IBM iSeries family of servers FTP client is unable to successfully open a data connection. A subcommand must be issued by the iSeries family client to get the server to reply with the data encrypted.

Resolving The Problem

The IBM iSeries family of servers FTP client using port 990 is able to connect successfully to a FTP server; however, it then fails when attempting to open a data connection. Message TCP3D2C with RC -11 and -16 is received on the client. A PC client FTPing to the same FTP server does not experience the problem.

A communications trace shows that the server is responding on the data connection in clear text. We are expecting the data to be encrypted. The current RFC4217 supports the FTP to port 21 and then the use of AUTH, PBSZ, and PROT subcommands to set up TLS (SSL). The iSeries family implementation is based upon what was specified in RFC drafts where FTP to port 990 for implicit SSL was supported. These RFC drafts explicitly stated the PBSZ 0 and PROT P were implicitly assumed and that this behavior deviated from RFC2228. A SECDATA P subcommand had to be issued by the client for the server to reply with the data encrypted.

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Communications-TCP","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Historical Number

400758274

Was this topic helpful?

Document Information

Modified date:
18 December 2019

UID

nas8N1015192

Tips