Search code examples
sslcurlwindows-10ftps

How to construct CURL FTPS command in Windows 10 Command Prompt for FTP with TLS

I'm on Windows 10 Professional Plus I have a CURL command in DOS that works fine for standard FTP on Port 21 Once I'm in the folder C:\Program Files\cURL\bin> I issue the command:

curl -v -T (C:\folders\file_to_be_transferred.pdf) ftp://(username):(password)@(host.top_level_domain.com)/file_to_be_transferred.pdf

I'm trying to transfer the file using FTP over TLS. When I change FTP to FTPS and change the command to:

curl -v -T (C:\folders\file_to_be_transferred.pdf) ftps://(username):(password)@(host.top_level_domain.com)/file_to_be_transferred.pdf

I get the following response from CURL:

* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 999.999.999.999...
* Connected to host.top_level_domain.com (999.999.999.999) port 21 (#0)
* successfully set certificate verify locations:
*   CAfile: C:\Program Files\cURL\bin\curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

When I request the CURL version using CURL -V I get the following response:

curl 7.39.0 (x86_64-pc-win32) libcurl/7.39.0 OpenSSL/1.0.1g zlib/1.2.8 WinIDN libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile SSPI SPNEGO NTLM SSL libz

How do I enable TLS over FTP with CURL on Windows 10? Thanks for looking at this.

Solution

  • I resolved the problem. It was how I referenced the certificates. Earlier I had transferred the certificate generated by the FileZilla Server (certificate.crt) to the Windows Client. I placed that certificate file in the folder C:\Program Files\cURL\bin. Also, I copied the contents of certificate.crt and appended it to the existing certificate called curl-ca-bundle.crt. Appending the new certificate to that bundle file is very important. That was my problem. Now, when I reference only the FileZilla_Server generated certificate in the client's CURL command, the transfer works. It seems that cURL will always reference the curl-ca-bundle.crt file in addition to what is referenced in the command line. The logs referenced the details of the SSLv3 handshake. Also I restructured the command a little bit to make it more readable. Here it is:

    curl --user username:password --cert "C:\Program Files\cURL\bin\certificate.crt" -v -T C:\folder_and_file_to_be_transferred.pdf ftps://host.top_level_domain.com/filename.pdf

    By the way, the default port for FTPS is 990. On the router I had to open up port 990 and the port range 20101-20120. I did NOT have to open up port 21 since I was using ftpS. I hope this helps someone else.