Have you ever tried to issue an FTP command or transfer files and greeted with a 534 error? You probably wondered what triggered it and how you could get rid of it. Though rare, 534 errors are quite common in FTP,and they are made to enforce security protocols for remote file servers using SSL.
In this brief guide, you’ll learn all you need to know about 534 errors, why they are generated, when they are most likely going to occur and what you can do to fix them. As a word of caution, 534 errors mean that the server has already refused any command issued and will force you to make some changes to enforce SSL before you proceed.
A 534 error is generated whenever you try to connect to a secured web server through an unsecured channel. It usually occurs when the remote web server requires SSL, but your client (FTP client) does not have SSL/ TLS enabled. Often, attempting a connection without SSL will trigger the following error and abort the connection attempt without warning or providing an alternative method to resolve the issue:
534 Policy requires SSL
Could not connect to server
534 Request denied for policy reasons
The first two errors might appear in some FTP clients such as FileZilla or WinSCP when you wither try to connect or try to download or upload a file to your web server. Some command-line and custom FTP clients will generate the third error than is often quite confusing to those new to the platform.
As a policy, SSL is made to ensure that all connections to a web server are passed through an encryption channel and that anyone accessing the server is authorized to do so. Overlooking or forgetting to connect through SSL/TLS will give you endless 534 errors until you have established an SSL connection on your FTP client.
A 534 FTP response code is generated when you try to connect insecurely to a server that has strict SSL requirements. As with all other security protocols on web servers such as 533 and the rest, error 534 is quite strictly implemented on most web servers. This means any attempt to connect without SSL to the secured FTP server will be unsuccessful and terminated.
In rare cases (especially for IBM systems), adding the CHGFTPA parameter to an FTP command might also trigger the 534 response code. This parameter’s values include one to allow the sockets layer that must be turned on in the command (set to “YES”).
In some instances, the FTP client SSL parameters may be wrong or missing the required credentials. For instance, forgetting to add the correct SSL username will lead to a failed SSL connection even when you have supplied the correct password. Some FTP connections(such as IIS-FTP) also require that you enable explicit FTP over TLS as the connection protocol before attempting a connection.
Fixing 534 errors is as easy as enabling SSL on the FTP client before attempting a connection to a remote web server or transferring files. In the case of commands and automated FTP connection (in code), ensure that you have enabled the required SFTP flags before running the commands and provide the correct usernames and passwords.
There are specific instructions for fixing the 534 SSL error in the FTP connection. Since FileZilla happens to be the most popular FTP client, the following fix could be of more help to you. The same fix can also work on other FTP clients with a few alterations based on the config interface:
Lastly, click on the Ok button, and you will establish a connection with the FTP server.