SYMPTOM

When using an FTP action (Ftp Get, Ftp Put), the file transfer fails with an error like "425 : Unable to build data connection: Operation not permitted".

(French error message: "425 Impossible d'établir la connexion de données : Opération non permise").

Some FTP servers might display this kind of message in their log files (sample from a ProFTPD tls.log file):

2017-06-22 15:27:05,054 mod_tls/2.6[6418]: TLS/TLS-C requested, starting TLS handshake
2017-06-22 15:27:05,125 mod_tls/2.6[6418]: client supports secure renegotiations
2017-06-22 15:27:05,125 mod_tls/2.6[6418]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES128-SHA256 (128 bits)
2017-06-22 15:27:05,201 mod_tls/2.6[6418]: Protection set to Private
2017-06-22 15:27:05,238 mod_tls/2.6[6418]: starting TLS negotiation on data connection
2017-06-22 15:27:05,566 mod_tls/2.6[6418]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2017-06-22 15:27:05,566 mod_tls/2.6[6418]: unable to open data connection: TLS negotiation failed

SOLUTION

An FTPS file transfer uses two connections:

  • the main connection ("command channel") where the client and server exchange commands and replies,
  • and the data connection where actual file lists and file data are transferred.

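Some FTP servers are configured to require that the data connection reuse the SSL session of the command channel. When the client does not reuse that session, the server rejects the data connection, hence the above message.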

A possible solution is to configure the server to authorize the use of separate SSL sessions (ProFTPD instructions are here).

If this solution is not applicable in your case, please contact the support team.
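
To confirm on the server side that a 425 error has this cause, the tls.log entries can be grouped per session and checked for the session-reuse rejection. The Python script below is an added example, not part of the original article or of ProFTPD; it assumes each session is logged under its own process ID, and its sample log is constructed (PID 6418 lines come from the log above, PIDs 6502 and 6610 are made up).

```python
import re
from collections import defaultdict

# Constructed sample: PID 6418 lines are copied from the log above; PIDs 6502 and
# 6610 are made-up sessions that reuse the same message formats.
SAMPLE_LOG = """\
2017-06-22 15:27:05,125 mod_tls/2.6[6418]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES128-SHA256 (128 bits)
2017-06-22 15:27:05,238 mod_tls/2.6[6418]: starting TLS negotiation on data connection
2017-06-22 15:27:05,566 mod_tls/2.6[6418]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2017-06-22 15:27:05,566 mod_tls/2.6[6418]: unable to open data connection: TLS negotiation failed
2017-06-22 15:30:11,002 mod_tls/2.6[6502]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES128-SHA256 (128 bits)
2017-06-22 15:30:11,090 mod_tls/2.6[6502]: Protection set to Private
2017-06-22 15:41:37,410 mod_tls/2.6[6610]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES128-SHA256 (128 bits)
2017-06-22 15:41:37,512 mod_tls/2.6[6610]: starting TLS negotiation on data connection
2017-06-22 15:41:37,840 mod_tls/2.6[6610]: unable to open data connection: TLS negotiation failed
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) mod_tls/[\d.]+\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CIPHER_RE = re.compile(r"connection accepted, using cipher (\S+)")
REUSE_MSG = "client did not reuse SSL session, rejecting data connection"
FAIL_MSG = "unable to open data connection"

def diagnose(log_text):
    """Return one finding per session (PID) whose data connection failed."""
    # Assumption: each client session is logged under its own process ID.
    sessions = defaultdict(lambda: {"cipher": None, "reuse_rejected": False, "failed_at": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a mod_tls entry in the expected format
        state, msg = sessions[m["pid"]], m["msg"]
        accepted = CIPHER_RE.search(msg)
        if accepted and state["cipher"] is None:
            state["cipher"] = accepted.group(1)  # first handshake: command channel
        elif msg.startswith(REUSE_MSG):
            state["reuse_rejected"] = True
        elif msg.startswith(FAIL_MSG):
            state["failed_at"] = m["ts"]
    findings = []
    for pid, state in sessions.items():
        if state["failed_at"] is not None:
            cause = "session-reuse-required" if state["reuse_rejected"] else "other-tls-failure"
            findings.append({"pid": int(pid), "cause": cause,
                             "control_cipher": state["cipher"], "failed_at": state["failed_at"]})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A finding with cause "session-reuse-required" matches the situation described in this article; "other-tls-failure" means the data connection failed for a different reason and changing the session reuse setting will not help.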