
EPSV mode always fails in curl when connecting over FTPS


I'm trying to upload a file with curl to a web server that supports both FTP and FTPS.

curl -vvv --ftp-ssl-reqd --user "username:password" ftp://ftps.website.com -T /path/to/a/file

This command takes a very long time because curl first tries to use the EPSV code and then it fails, according to the logs:

> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||50107|)
*   Trying 123.456.789.123...
* TCP_NODELAY set
* Connecting to 123.456.789.123 (123.456.789.123) port 50107
* Connection failed
* connect to 123.456.789.123 port 21 failed: Operation timed out
* Failed to connect to ftps.website.com port 21: Operation timed out
* Failed EPSV attempt. Disabling EPSV
> PASV

After disabling EPSV, transfer succeeds using plain PASV mode.

Connecting to the same webserver through plain, unencrypted FTP and using EPSV works fine. Daniel Stenberg writes that

This is particularly complicated if you enable FTPS (encrypted FTP) as then the new port number is invisible to middle-boxes such as firewalls.

but he does not provide any solution.

How can I correctly fix it for FTPS, other than just "never use EPSV for FTPS"?


Solution

  • How about just using --disable-epsv? And the quote from me there isn't saying that EPSV in particular is more complicated than PASV. Both are equally complicated in an FTPS situation, I'd say, because of the stated reason.

    There are normally no issues with EPSV at all. The command works as fine over FTPS as for FTP. Your problem is rather due to your specific server and network surrounding.
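
Added example, not part of the question or the answer above and not curl's own code: a small Python parser for the two passive-mode replies, applied to a `curl -v` log to list which data ports the client was told to dial and which attempt was abandoned. Over FTPS these replies travel inside TLS, so a firewall cannot read them and the listed ports are the ones to compare against its rules; the function names, the documentation address 192.0.2.10 and the 227 line are assumptions made for illustration.

```python
import re

# RFC 2428: 229 text (<d><d><d>port<d>), where the delimiter is normally "|"
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")
# RFC 959: 227 text (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

# Constructed sample modelled on the question's log; address and 227 line are invented.
SAMPLE_LOG = """\
> EPSV
< 229 Entering Extended Passive Mode (|||50107|)
*   Trying 192.0.2.10...
* Failed EPSV attempt. Disabling EPSV
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,200)
"""

def data_endpoint(reply, control_host):
    """Return the (host, port) a client dials for the data connection."""
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range: %r" % reply)
        # EPSV carries only a port; the control connection's address is reused.
        return control_host, port
    m = PASV_RE.match(reply)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            raise ValueError("octet out of range: %r" % reply)
        # PASV carries an address plus the port split into two bytes.
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    raise ValueError("not a 227/229 reply: %r" % reply)

def summarize(log, control_host):
    """List each passive attempt in a curl -v log and whether curl gave up on it."""
    attempts = []
    for line in log.splitlines():
        if line.startswith("< 22"):
            try:
                host, port = data_endpoint(line[2:], control_host)
            except ValueError:
                continue  # some other 22x reply, or a malformed one
            mode = "EPSV" if line[2:5] == "229" else "PASV"
            attempts.append({"mode": mode, "host": host, "port": port, "failed": False})
        elif attempts and line.startswith("* Failed EPSV attempt"):
            attempts[-1]["failed"] = True
    return attempts
```

A port that shows up with `failed` set, while a later attempt on a different port succeeds, points at the server's passive port range being only partly reachable rather than at EPSV itself.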