Issue:
Why do I get “534 Protection level negotiation failed.” error when attempting to transfer files to a Microsoft Internet Information Server FTPS
service usingĀ lftp?
Resolution:
Please force lftp to encrypt data transmissions with the following settings:
set ftp:ssl-force true:set ftp:ssl-protect-data true:set ftps:initial-prot:
You can enter those settings manually before establishing a connection:
# lftp
lftp :~> set ftp:ssl-force true
lftp :~> set ftp:ssl-protect-data true
lftp :~> set ftps:initial-prot
lftp :~> open -d -u usernam,password ftps://my_ftps.iis.example.com/directoryAlternatively you can store those settings in a configuration file so they are used by default on each invocation:
If you want to apply those default settings system-wide, that is, to all users in the system, please add the settings above to /etc/lftp.conf configuration file.
If you want to apply those default settings to one or more specific users only please add the settings above to ~/.lftp/rc configuration file.
Root Cause:
IIS FTPS service has been configured with “Require SSL connections” but lftp still defaults to clear text data transfers.
As per lftp man page:
ftp:ssl-protect-data (boolean)
if true, request ssl connection for data transfers. This is cpu-intensive but provides pri-
vacy. Default is false.Consequently an equivalent setting to force encrypted transmission of data is required for lftp too.