SSL Error 5 trying to connect with AUTH TLS


Post by Mike Keighley »

My customer is trying to connect to my FTP server (vsftpd). Originally he was trying WS-FTP in SSL mode and failing, so I recommended trying CoreFTP. He did, and gets this failure:

Welcome to Core FTP, release ver 1.3c, build 1446 (U) -- (c) 2003-2005
WinSock 2.0
Mem -- 523,268 KB, Virt -- 2,097,024 KB
Started on Tuesday January 24, 2006 at 16:06:PM
Connect socket #448 to XXX.XXX.XX.249, port 21...
220 Adare Lexicon customer FTP Server. Authorised users only.
AUTH TLS
234 Proceed with negotiation.
SSL/TLS error - 0, SSL error - 5
SSL Connection not established

What is an "SSL error - 5" please?

There are the usual complications of NAT, firewall etc., but this sounds more like an encryption hiccup?

By contrast, when I test it internally (but via the same make of firewall) I get in fine, using either AUTH SSL or TLS:

Welcome to Core FTP, release ver 1.3c, build 1445 (U) -- © 2003-2005
WinSock 2.0
Mem -- 514,864 KB, Virt -- 2,097,024 KB
Started on Tuesday January 24, 2006 at 18:12:PM
Resolving xxxxxxx...
Connect socket #472 to XXX.XXX.XXX.249, port 21...
220 Adare Lexicon customer FTP Server. Authorised users only.
AUTH SSL
234 Proceed with negotiation.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
USER mike
331 Please specify the password.
PASS **********
230 Login successful.
SYST
215 UNIX Type: L8
Keep alive off...
PWD
257 "/home/mike"
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
PORT 162,27,51,24,110,58
200 PORT command successful. Consider using PASV.
LIST
150 Here comes the directory listing.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
226 Directory send OK.
Transferred 136 bytes in 0.008 seconds

... although I find it slightly odd that it negotiates TLSv1 in preference to SSLv3, given that I specified "AUTH SSL". Is this normal behaviour please?

vsftpd is configured to accept TLSv1 or SSLv3 but not SSLv2, if that is relevant.
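
An added example, not part of the original post: a small Python audit of Core FTP-style session logs that reports how far TLS setup got and whether credentials or directory/file data crossed unencrypted. The transcripts are abridged from the two in the post; the function name `audit_session` and its result keys are assumptions made for this illustration.

```python
import re

# Abridged from the two Core FTP transcripts in the post.
FAILED = """AUTH TLS
234 Proceed with negotiation.
SSL/TLS error - 0, SSL error - 5
SSL Connection not established""".splitlines()

WORKED = """AUTH SSL
234 Proceed with negotiation.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
USER mike
331 Please specify the password.
PASS **********
230 Login successful.
PROT P
200 PROT now Private.
LIST
150 Here comes the directory listing.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
226 Directory send OK.""".splitlines()

# Core FTP's "negotiated" line: protocol, cipher name, key bits.
TLS_LINE = re.compile(r"^(TLSv\S+|SSLv\S+), cipher \S+ \(([^)]+)\) - (\d+) bit")

def audit_session(lines):
    """Report how far TLS setup got and whether anything crossed in the clear."""
    r = {"auth": None, "stage": "no AUTH sent", "tls": None,
         "creds_in_clear": False, "data_in_clear": False}
    last_cmd, prot_p = "", False
    for line in lines:
        word = line.split(" ", 1)[0]
        m = TLS_LINE.match(line)
        if m and r["tls"] is None:            # first match = control channel
            r["tls"] = (m.group(1), m.group(2), int(m.group(3)))
            r["stage"] = "ok"
        elif word == "AUTH":
            r["auth"], r["stage"] = line.split()[1], "AUTH not accepted"
        elif word == "234" and r["auth"]:     # server agreed; handshake is next
            r["stage"] = "TLS handshake after 234"
        elif word == "200" and last_cmd == "PROT P":
            prot_p = True                     # data channel will be encrypted
        elif word in ("USER", "PASS") and r["tls"] is None:
            r["creds_in_clear"] = True
        elif word in ("LIST", "NLST", "RETR", "STOR") and not prot_p:
            r["data_in_clear"] = True
        if word.isalpha() and word.isupper():  # remember the last client command
            last_cmd = line.strip()
    return r
```

For the failing transcript the reported stage is "TLS handshake after 234": the server accepted the AUTH command, and the session stopped before any cipher was negotiated.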