Dear Alexander ,

First of all , thanks for your reply.

Axway server is set up with 2 ciphers.
RSA_With_AES_128_CBC_SHA ( and RSA_With_3DES_EDE_CBC_SHA )

Below you may find my latest lftp test ( I think it evolved positively since the latest session I have sent to you , but it still does not work )

At the end you may find a tracefile of a successful session with Curl.
Perhaps this could help to debug lftp sessions ?

# cat lftptest.sh
lftp -e 'debug 20;set ftp:ssl-auth SSL;set ssl:verify-certificate no;set ftp:ssl-protect-data true;set ftp:ssl-force true;set ftp:passive-mode true;set ssl:ca-file /home/bag.crt;set ssl:cert-file /home/pub.crt;set ssl:key-file /home/priv.key;set -a;pwd' -u XXXXX,XXXX -p XXXX ftp://XXXXXXXXXXXXXX

# ./lftptest.sh
FileCopy(0x12f9b50) enters state INITIAL
FileCopy(0x12f9b50) enters state DO_COPY
copy: get hit eof
copy: waiting for put confirmation
FileCopy(0x12f9b50) enters state CONFIRM_WAIT
set bmk:auto-sync yes
set bmk:save-passwords no
set cache:cache-empty-listings no
set cache:enable yes
set cache:expire 60m
set cache:expire-negative 1m
set cache:size 16M
set cmd:at-exit ""
set cmd:cls-completion-default -FB
set cmd:cls-default -F
set cmd:csh-history off
set cmd:default-protocol ftp
set cmd:default-title "lftp \\h:\\w"
set cmd:fail-exit no
set cmd:interactive no
set cmd:long-running 30
set cmd:ls-default ""
set cmd:move-background yes
set cmd:move-background-detach yes
set cmd:parallel 1
set cmd:prompt "lftp \\S\\? \\u\\@\\h:\\w> "
set cmd:queue-parallel 1
set cmd:remote-completion on
set cmd:save-cwd-history yes
set cmd:save-rl-history yes
set cmd:set-term-status no
set cmd:status-interval 0.8s
set cmd:stifle-rl-history 500
set cmd:term-status ""
set cmd:term-status/*rxvt* "\\e[11;0]\\e]2;\\T\\007\\e[11]"
set cmd:term-status/*screen* \\e_\\T\\e\\
set cmd:term-status/*xterm* "\\e[11;0]\\e]2;\\T\\007\\e[11]"
set cmd:time-style "%b %e %Y|%b %e %H:%M"
set cmd:trace no
set cmd:verbose no
set cmd:verify-host yes
set cmd:verify-path yes
set cmd:verify-path-cached no
set color:dir-colors "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*
.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35!
:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:"
set color:use-color auto
set dns:SRV-query no
set dns:cache-enable yes
set dns:cache-expire 1h
set dns:cache-size 256
set dns:fatal-timeout 7d
set dns:max-retries 1000
set dns:order "inet6 inet"
set dns:use-fork yes
set file:charset UTF-8
set fish:charset ""
set fish:connect-program "ssh -a -x"
set fish:shell /bin/sh
set ftp:abor-max-wait 15s
set ftp:acct ""
set ftp:anon-pass lftp@
set ftp:anon-user anonymous
set ftp:auto-passive-mode yes
set ftp:auto-sync-mode "icrosoft FTP Service|MadGoat|MikroTik"
set ftp:bind-data-socket yes
set ftp:charset ""
set ftp:client lftp/4.0.9
set ftp:device-prefix no
set ftp:fix-pasv-address yes
set ftp:fxp-force no
set ftp:fxp-passive-source no
set ftp:fxp-passive-sscn yes
set ftp:home ""
set ftp:ignore-pasv-address no
set ftp:lang ""
set ftp:list-empty-ok no
set ftp:list-options ""
set ftp:nop-interval 120
set ftp:passive-mode true
set ftp:port-ipv4 ""
set ftp:port-range full
set ftp:prefer-epsv no
set ftp:proxy ""
set ftp:proxy-auth-type user
set ftp:rest-list no
set ftp:rest-stor yes
set ftp:retry-530 "too many|overloaded|try (again |back )?later|is restricted to|maximum number|number of connect|only.*session.*allowed|more connection|already connected|simultaneous login"
set ftp:retry-530-anonymous "Login incorrect"
set ftp:site-group ""
set ftp:skey-allow yes
set ftp:skey-force no
set ftp:ssl-allow yes
set ftp:ssl-allow-anonymous no
set ftp:ssl-auth SSL
set ftp:ssl-copy-sid yes
set ftp:ssl-data-use-keys yes
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ftp:ssl-protect-fxp no
set ftp:ssl-protect-list yes
set ftp:ssl-shutdown-timeout 5
set ftp:ssl-use-ccc no
set ftp:stat-interval 1
set ftp:sync-mode on
set ftp:sync-mode/ftp.idsoftware.com on
set ftp:sync-mode/ftp.microsoft.com on
set ftp:sync-mode/sunsolve.sun.com on
set ftp:timezone GMT
set ftp:trust-feat no
set ftp:use-abor yes
set ftp:use-allo yes
set ftp:use-feat yes
set ftp:use-fxp yes
set ftp:use-hftp yes
set ftp:use-mdtm yes
set ftp:use-mdtm-overloaded no
set ftp:use-mlsd no
set ftp:use-pret yes
set ftp:use-quit yes
set ftp:use-site-chmod yes
set ftp:use-site-idle no
set ftp:use-site-utime yes
set ftp:use-site-utime2 yes
set ftp:use-size yes
set ftp:use-stat yes
set ftp:use-stat-for-list no
set ftp:use-telnet-iac yes
set ftp:verify-address no
set ftp:verify-port no
set ftp:waiting-150-timeout 5
set ftp:web-mode off
set ftps:initial-prot ""
set hftp:cache yes
set hftp:cache-control ""
set hftp:proxy ""
set hftp:use-authorization yes
set hftp:use-head yes
set hftp:use-mkcol no
set hftp:use-propfind no
set hftp:use-type yes
set http:accept */*
set http:accept-charset ""
set http:accept-language ""
set http:authorization ""
set http:cache yes
set http:cache-control ""
set http:cookie ""
set http:post-content-type application/x-www-form-urlencoded
set http:proxy ""
set http:put-content-type ""
set http:put-method PUT
set http:referer ""
set http:set-cookies no
set http:use-mkcol yes
set http:use-propfind no
set http:user-agent lftp/4.0.9
set https:proxy ""
set mirror:dereference no
set mirror:exclude-regex "(^|/)(\\.in\\.|\\.nfs)"
set mirror:include-regex ""
set mirror:order "*.sfv *.sig *.md5* *.sum * */"
set mirror:parallel-directories yes
set mirror:parallel-transfer-count 1
set mirror:set-permissions yes
set mirror:skip-noaccess no
set mirror:use-pget-n 1
set module:path /usr/lib64/lftp/4.0.9:/usr/lib64/lftp
set net:connection-limit 0
set net:connection-takeover yes
set net:idle 3m
set net:limit-max 0
set net:limit-rate 0:0
set net:limit-total-max 0
set net:limit-total-rate 0:0
set net:max-retries 1000
set net:no-proxy ""
set net:persist-retries 0
set net:reconnect-interval-base 30
set net:reconnect-interval-max 600
set net:reconnect-interval-multiplier 1.5
set net:socket-bind-ipv4 ""
set net:socket-bind-ipv6 ""
set net:socket-buffer 0
set net:socket-maxseg 0
set net:timeout 5m
set pget:default-n 5
set pget:save-status 10s
set sftp:charset ""
set sftp:connect-program "ssh -a -x"
set sftp:max-packets-in-flight 16
set sftp:protocol-version 4
set sftp:server-program sftp
set sftp:size-read 32k
set sftp:size-write 32k
set sftp:use-full-path yes
set ssl:ca-file /home/bag.crt
set ssl:cert-file /home/pub.crt
set ssl:check-hostname yes
set ssl:crl-file ""
set ssl:key-file /home/priv.key
set ssl:verify-certificate no
set xfer:auto-rename no
set xfer:buffer-size 0x10000
set xfer:clobber no
set xfer:destination-directory ""
set xfer:disk-full-fatal no
set xfer:eta-period 120
set xfer:eta-terse yes
set xfer:log yes
set xfer:make-backup yes
set xfer:max-redirections 10
set xfer:rate-period 15
set xfer:verify no
set xfer:verify-command ""
copy: put confirmed store
FileCopy(0x12f9b50) enters state GET_DONE_WAIT
copy: get is finished - all done
FileCopy(0x12f9b50) enters state ALL_DONE
FileCopy(0x12f7f30) enters state INITIAL
FileCopy(0x12f7f30) enters state DO_COPY
copy: get hit eof
copy: waiting for put confirmation
FileCopy(0x12f7f30) enters state CONFIRM_WAIT
ftp://59505:***@ftptest.echannel.banksys.be_2012:16370
copy: put confirmed store
FileCopy(0x12f7f30) enters state GET_DONE_WAIT
copy: get is finished - all done
FileCopy(0x12f7f30) enters state ALL_DONE
lftp ***@ftptest.echannel.banksys.be_2012:~> ls
FileCopy(0x13168a0) enters state INITIAL
FileCopy(0x13168a0) enters state DO_COPY
---- dns cache hit
---- Connecting to XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<--- 220 Welcome to Synchrony Gateway FTP server
---> FEAT
<--- 530 Not logged in
---> AUTH SSL
<--- 234 AUTH command OK, waiting handshake
---> USER XXXXXXX
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
GNUTLS: HSK[0x135d0e0]: Keeping ciphersuite: RSA_ARCFOUR_MD5
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
GNUTLS: EXT[0x135d0e0]: Sending extension CERT_TYPE
GNUTLS: EXT[0x135d0e0]: Sending extension SAFE_RENEGOTIATION
GNUTLS: HSK[0x135d0e0]: CLIENT HELLO was sent [93 bytes]
GNUTLS: REC[0x135d0e0]: Sending Packet[0] Handshake(22) with length: 93
GNUTLS: REC[0x135d0e0]: Sent Packet[1] Handshake(22) with length: 98
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: REC[0x135d0e0]: Expected Packet[0] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[0] Handshake(22) with length: 42
GNUTLS: REC[0x135d0e0]: Decrypted Packet[0] Handshake(22) with length: 42
GNUTLS: HSK[0x135d0e0]: SERVER HELLO was received [42 bytes]
GNUTLS: HSK[0x135d0e0]: Server's version: 3.1
GNUTLS: HSK[0x135d0e0]: SessionID length: 0
GNUTLS: HSK[0x135d0e0]: SessionID:
GNUTLS: HSK[0x135d0e0]: Selected cipher suite: RSA_AES_128_CBC_SHA1
GNUTLS: Allowing unsafe initial negotiation!
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: REC[0x135d0e0]: Expected Packet[1] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[1] Handshake(22) with length: 2761
GNUTLS: REC[0x135d0e0]: Expected Packet[1] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[1] Handshake(22) with length: 2761
GNUTLS: REC[0x135d0e0]: Expected Packet[1] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[1] Handshake(22) with length: 2761
GNUTLS: REC[0x135d0e0]: Decrypted Packet[1] Handshake(22) with length: 2761
GNUTLS: HSK[0x135d0e0]: CERTIFICATE was received [2761 bytes]
GNUTLS: REC[0x135d0e0]: Expected Packet[2] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[2] Handshake(22) with length: 211
GNUTLS: REC[0x135d0e0]: Decrypted Packet[2] Handshake(22) with length: 211
GNUTLS: HSK[0x135d0e0]: CERTIFICATE REQUEST was received [211 bytes]
GNUTLS: REC[0x135d0e0]: Expected Packet[3] Handshake(22) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[3] Handshake(22) with length: 4
GNUTLS: REC[0x135d0e0]: Decrypted Packet[3] Handshake(22) with length: 4
GNUTLS: HSK[0x135d0e0]: SERVER HELLO DONE was received [4 bytes]
GNUTLS: HSK[0x135d0e0]: CERTIFICATE was sent [7 bytes]
GNUTLS: REC[0x135d0e0]: Sending Packet[1] Handshake(22) with length: 7
GNUTLS: REC[0x135d0e0]: Sent Packet[2] Handshake(22) with length: 12
GNUTLS: HSK[0x135d0e0]: CLIENT KEY EXCHANGE was sent [134 bytes]
GNUTLS: REC[0x135d0e0]: Sending Packet[2] Handshake(22) with length: 134
GNUTLS: REC[0x135d0e0]: Sent Packet[3] Handshake(22) with length: 139
GNUTLS: REC[0x135d0e0]: Sent ChangeCipherSpec
GNUTLS: REC[0x135d0e0]: Sending Packet[3] Change Cipher Spec(20) with length: 1
GNUTLS: REC[0x135d0e0]: Sent Packet[4] Change Cipher Spec(20) with length: 6
GNUTLS: INT: PREMASTER SECRET[48]: 030285d174ec494fe26720f16d5f2ff22367be66f0b7a92b3e9e6731ffc7676a6cb46ff1dbdcc5a167ef67377172126f
GNUTLS: INT: CLIENT RANDOM[32]: 5141e8e33ddb61c26e36f75820c586e7a2cb8d199fa9505089d4b2679d032491
GNUTLS: INT: SERVER RANDOM[32]: 5141e8e389c02a4f95349c20c70d222391bd6a70a9c00e3f40ee8f0e25ef1d2f
GNUTLS: INT: MASTER SECRET: 35d22910f0753197087040213c443600a16ec5711f6c9bc93f991c331ec48c555470aaa7dca1f4f3840230aa266acb23
GNUTLS: INT: KEY BLOCK[104]: 3edd4bd46b5a0c184275dca4a4dcb73bed02ad9616ddf496164e78ce51b94569
GNUTLS: INT: CLIENT WRITE KEY [16]: a442b7e7448deaad92c1ee40575cbe94
GNUTLS: INT: SERVER WRITE KEY [16]: 6d5cb2b4cb96af2538864a6b629b2a19
GNUTLS: HSK[0x135d0e0]: Cipher Suite: RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x135d0e0]: Initializing internal [write] cipher sessions
GNUTLS: HSK[0x135d0e0]: FINISHED was sent [16 bytes]
GNUTLS: REC[0x135d0e0]: Sending Packet[0] Handshake(22) with length: 16
GNUTLS: REC[0x135d0e0]: Sent Packet[1] Handshake(22) with length: 277
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: XXX[]: ret: -28 Resource temporarily unavailable, try again.
GNUTLS: REC[0x135d0e0]: Expected Packet[4] Change Cipher Spec(20) with length: 1
GNUTLS: REC[0x135d0e0]: Received Packet[4] Alert(21) with length: 2
GNUTLS: REC[0x135d0e0]: Decrypted Packet[4] Alert(21) with length: 2
GNUTLS: REC[0x135d0e0]: Alert[2|40] - Handshake failed - was received
**** gnutls_handshake: A TLS fatal alert has been received.
---- Closing control socket
ls: Fatal error: gnutls_handshake: A TLS fatal alert has been received.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Curl session :

# cat trace.txt
== Info: About to connect() to XXXXXXXXXXXXXXXXXXXXXXXXXX (#0)
== Info: Trying XXXXXXXXXXX... == Info: connected
== Info: Connected to XXXXXXXXXXXXXXXX (XXXXXXXXXX) port XXXXX (#0)
<= Recv header, 45 bytes (0x2d)
0000: 32 32 30 20 57 65 6c 63 6f 6d 65 20 74 6f 20 53 220 Welcome to S
0010: 79 6e 63 68 72 6f 6e 79 20 47 61 74 65 77 61 79 ynchrony Gateway
0020: 20 46 54 50 20 73 65 72 76 65 72 0d 0a FTP server..
=> Send header, 10 bytes (0xa)
0000: 41 55 54 48 20 53 53 4c 0d 0a AUTH SSL..
<= Recv header, 40 bytes (0x28)
0000: 32 33 34 20 41 55 54 48 20 63 6f 6d 6d 61 6e 64 234 AUTH command
0010: 20 4f 4b 2c 20 77 61 69 74 69 6e 67 20 68 61 6e OK, waiting han
0020: 64 73 68 61 6b 65 0d 0a dshake..
== Info: Initializing NSS with certpath: /etc/pki/nssdb
== Info: CAfile: /home/bag.crt
CApath: none
== Info: NSS: client certificate: PEM Token #1:XXXXXXX
== Info: subject: CN=XXXXX,O=XXXXXX,C=BE
== Info: start date: Mar 04 12:46:45 2013 GMT
== Info: expire date: Oct 06 12:46:33 2015 GMT
== Info: common name: XXXXXXX
== Info: issuer: CN=XXXXXXXXXXX,OU=XXX-SCY,O=XXXXXXXXXXX,C=BE
== Info: SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
== Info: Server certificate:
== Info: subject: CN=XXXXXXXXXXX,OU=test,O=XXXXXXXXXXXXXX,C=BE
== Info: start date: Dec 05 16:03:40 2012 GMT
== Info: expire date: Oct 06 12:46:33 2015 GMT
== Info: common name: XXXXXXXXXXXXXXXXXXXXXXXXXXX
== Info: issuer: CN=XXXXXXXXXXXXXXXXX,OU=XXX-SCY,O=XXXXXXXXXXXXXXXXXX,C=BE
=> Send header, 12 bytes (0xc)
0000: 55 53 45 52 20 35 39 35 30 35 0d 0a USER XXXX..
<= Recv header, 26 bytes (0x1a)
0000: 33 33 31 20 53 65 6e 64 20 70 61 73 73 77 6f 72 331 Send passwor
0010: 64 20 70 6c 65 61 73 65 0d 0a d please..
=> Send header, 10 bytes (0xa)
0000: 50 41 53 53 20 58 46 42 0d 0a PASS XXX..
<= Recv header, 29 bytes (0x1d)
0000: 32 33 30 20 55 73 65 72 20 6c 6f 67 67 65 64 20 230 User logged
0010: 69 6e 2c 20 70 72 6f 63 65 65 64 0d 0a in, proceed..
=> Send header, 8 bytes (0x8)
0000: 50 42 53 5a 20 30 0d 0a PBSZ 0..
<= Recv header, 18 bytes (0x12)
0000: 32 30 30 20 43 6f 6d 6d 61 6e 64 20 6f 6b 61 79 200 Command okay
0010: 0d 0a ..
=> Send header, 8 bytes (0x8)
0000: 50 52 4f 54 20 50 0d 0a PROT P..
<= Recv header, 18 bytes (0x12)
0000: 32 30 30 20 43 6f 6d 6d 61 6e 64 20 6f 6b 61 79 200 Command okay
0010: 0d 0a ..
=> Send header, 5 bytes (0x5)
0000: 50 57 44 0d 0a PWD..
<= Recv header, 31 bytes (0x1f)
0000: 32 35 37 20 22 2f 22 20 69 73 20 63 75 72 72 65 257 "/" is curre
0010: 6e 74 20 64 69 72 65 63 74 6f 72 79 2e 0d 0a nt directory...
== Info: Entry path is '/'
=> Send header, 9 bytes (0x9)
0000: 43 57 44 20 4f 55 54 0d 0a CWD OUT..
<= Recv header, 43 bytes (0x2b)
0000: 32 35 30 20 52 65 71 75 65 73 74 65 64 20 66 69 250 Requested fi
0010: 6c 65 20 61 63 74 69 6f 6e 20 6f 6b 61 79 2c 20 le action okay,
0020: 63 6f 6d 70 6c 65 74 65 64 0d 0a completed..
=> Send header, 14 bytes (0xe)
0000: 43 57 44 20 49 50 46 30 35 30 35 34 0d 0a CWD IDDDDDDD..
<= Recv header, 43 bytes (0x2b)
0000: 32 35 30 20 52 65 71 75 65 73 74 65 64 20 66 69 250 Requested fi
0010: 6c 65 20 61 63 74 69 6f 6e 20 6f 6b 61 79 2c 20 le action okay,
0020: 63 6f 6d 70 6c 65 74 65 64 0d 0a completed..
=> Send header, 6 bytes (0x6)
0000: 50 41 53 56 0d 0a PASV..
== Info: Connect data stream passively
<= Recv header, 51 bytes (0x33)
0000: 32 32 37 20 45 6e 74 65 72 69 6e 67 20 70 61 73 227 Entering pas
0010: 73 69 76 65 20 6d 6f 6XXXXXXXXXXXXXXXXXXXX2c 35 sive mode (XXXXX
XXXXXXXXXX
0030: 2e 0d 0a ...
== Info: Trying XXXXXXXXXXXXX.. == Info: connected
== Info: Connecting to XXXXXXXXXXXXXXXXXXX (XXXXXXXXXXXXXX port XXXXXX
=> Send header, 8 bytes (0x8)
0000: 54 59 50 45 20 41 0d 0a TYPE A..
<= Recv header, 18 bytes (0x12)
0000: 32 30 30 20 43 6f 6d 6d 61 6e 64 20 6f 6b 61 79 200 Command okay
0010: 0d 0a ..
=> Send header, 6 bytes (0x6)
0000: 4c 49 53 54 0d 0a LIST..
<= Recv header, 18 bytes (0x12)
0000: 31 32 35 20 4c 69 73 74 20 73 74 61 72 74 65 64 125 List started
0010: 0d 0a ..
== Info: Doing the SSL/TLS handshake on the data stream
== Info: CAfile: /home/bag.crt
CApath: none
== Info: NSS: client certificate: PEM Token #1:public.crt
== Info: subject: CN=xxx,O=xxxx,C=BE
== Info: start date: Mar 04 12:46:45 2013 GMT
== Info: expire date: Oct 06 12:46:33 2015 GMT
== Info: common name: T59505
== Info: issuer: CN=xxx,OU=xxxxx,O=xxxx,C=BE
== Info: SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
== Info: Server certificate:
== Info: subject: CN=xxxxx,OU=test,O=xxxxxx,C=BE
== Info: start date: Dec 05 16:03:40 2012 GMT
== Info: expire date: Oct 06 12:46:33 2015 GMT
== Info: common name: xxxxxxxxxxxxxxxxxx
== Info: issuer: CN=x,OU=xxx,O=xxxxxxxx,C=BE
== Info: Maxdownload = -1
<= Recv data, 130 bytes (0x82)
0000: 74 6f 74 61 6c 20 32 0d 0a 64 72 2d 78 72 2d 78 total 2..dr-xr-x
0010: 72 2d 78 20 20 20 30 20 2d 2d 4e 41 2d 2d 20 20 r-x 0 --NA--
0020: 20 2d 2d 4e 41 2d 2d 20 20 20 20 20 20 20 20 20 --NA--
0030: 20 20 20 30 20 4d 61 72 20 20 36 20 30 39 3a 32 0 Mar 6 09:2
0040: 38 20 2e 0d 0a 64 72 2d 78 72 2d 78 72 2d 78 20 8 ...dr-xr-xr-x
0050: 20 20 30 20 2d 2d 4e 41 2d 2d 20 20 20 2d 2d 4e 0 --NA-- --N
0060: 41 2d 2d 20 20 20 20 20 20 20 20 20 20 20 20 30 A-- 0
0070: 20 4d 61 72 20 20 36 20 30 38 3a 35 37 20 2e 2e Mar 6 08:57 ..
0080: 0d 0a ..
== Info: Remembering we are in dir "OUT/IDDDDDDDD/"
<= Recv header, 20 bytes (0x14)
0000: 32 32 36 20 4c 69 73 74 20 63 6f 6d 70 6c 65 74 226 List complet
0010: 65 64 0d 0a ed..
== Info: Connection #0 to host ftptest.echannel.banksys.be_2012 left intact
=> Send header, 6 bytes (0x6)
0000: 51 55 49 54 0d 0a QUIT..
<= Recv header, 16 bytes (0x10)
0000: 32 32 31 20 4c 6f 67 67 65 64 20 6f 75 74 0d 0a 221 Logged out..
== Info: Closing connection #0
[***@abntapp01 mdr]#

Kindest regards ,
Michel




-----Original Message-----
From: Alexander V. Lukyanov [mailto:***@netis.ru]
Sent: donderdag 14 maart 2013 9:08
To: Michel DE ROUCK
Cc: ***@uniyar.ac.ru
Subject: Re: [lftp] Problem lftp towards AXway Synchrone Gateway
...
Looks like the server did not like RSA_AES_128_CBC_SHA1 cipher suite.