Can't connect with TLS/SSL in version 3.1.0
Re: Can't connect with TLS/SSL in version 3.1.0
Hello,
As far as I know, my server is working fine. I'm using serv-U 7.2.0.0.
I've been using smartFTP for some time and I've never had a problem with serv-U.
Why does it work fine with version 3.0.11.1 and not the latest release?
Thanks
Karl
Re: Can't connect with TLS/SSL in version 3.1.0
Because previous versions were broken, they failed to act on a problem reported by the TLS library.
Re: Can't connect with TLS/SSL in version 3.1.0
Hello,
Thanks for your quick responses.
You mentioned that it is "a bug in my server". If that's the case, how should I go about finding the problem?
Is there a way I could look at the serv-U logs to see if SSL/TLS does not shut down properly?
Karl
Re: Can't connect with TLS/SSL in version 3.1.0
Not sure it appears in the server log. You might want to contact your server vendor.
Re: Can't connect with TLS/SSL in version 3.1.0
Hello,
If I were to contact serv-U, what should I tell them?
Should I tell them that I'm using FileZilla version 3.1 and that I am not able to connect to the account using SSL/TLS implicit?
Karl
Re: Can't connect with TLS/SSL in version 3.1.0
Yes, and point them towards the following specs:
http://tools.ietf.org/html/rfc4346#page-27
http://rfc.net/rfc4217.html#p21
It clearly shows that a shutdown is required.
- First name: Dave
- Last name: Miller
Re: Can't connect with TLS/SSL in version 3.1.0
I hear what you're saying botg, but let me add another server type (ProFTPD) on which the same problem is occurring. Also, the specs to which you linked speak to orderly shutdown. Are you saying that the problem starts with the close event and not with the bad packet?
(from the OP's log)
Trace: CTlsSocket::OnSocketEvent(): close event received
Trace: CTransferSocket::OnReceive(), m_transferMode=0
Trace: GnuTLS error -9: A TLS packet with unexpected length was received.
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Re: Can't connect with TLS/SSL in version 3.1.0
The error code from GnuTLS is a bit misleading. It expects a packet with a nonzero length, but since the connection got closed without orderly shutdown, it gets a "0-length packet".
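An added example, not part of the thread and not FileZilla or server code: one way to check, from one direction of a captured TLS 1.0-1.2 stream, whether the sender emitted an alert record (the record type that carries close_notify) before closing TCP. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 4346, section 6.2.1). TLS 1.3 hides the real
# type inside the encrypted record, so this check only fits TLS 1.0-1.2.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

ALERT_BEFORE_CLOSE = "alert record before close"   # orderly if it is close_notify
NO_ALERT = "closed without alert record"           # no close_notify was sent
TRUNCATED = "stream cut mid-record"

def parse_records(stream: bytes):
    """Split a TLS byte stream into (type, length) records.

    Returns (records, leftover); leftover counts trailing bytes that do not
    form a complete record, i.e. the peer closed in the middle of one.
    """
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record header at offset {pos}")
        if pos + 5 + length > len(stream):
            break  # header promises more bytes than were received
        records.append((CONTENT_TYPES[ctype], length))
        pos += 5 + length
    return records, len(stream) - pos

def classify_close(stream: bytes) -> str:
    """Classify how the sender ended the stream before the TCP close."""
    records, leftover = parse_records(stream)
    if leftover:
        return TRUNCATED
    if records and records[-1][0] == "alert":
        return ALERT_BEFORE_CLOSE
    return NO_ALERT

def _record(ctype: int, payload: bytes) -> bytes:
    # Constructed record with a TLS 1.0 version field (3, 1).
    return struct.pack("!BBBH", ctype, 3, 1, len(payload)) + payload

# Constructed server-to-client data-connection streams (payloads are dummy
# bytes standing in for ciphertext).
LISTING = _record(23, b"\x00" * 48)              # encrypted directory listing
ORDERLY = LISTING + _record(21, b"\x00" * 32)    # encrypted alert, then close
ABRUPT = LISTING                                 # close straight after data
CUT = LISTING + _record(23, b"\x00" * 48)[:20]   # close in the middle of a record
```

Because the alert payload is encrypted, an alert record before the close does not prove it was close_notify, but a stream that ends without one proves no close_notify was sent.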
Re: Can't connect with TLS/SSL in version 3.1.0
Quote: It is a bug in your server, it does not perform an orderly SSL/TLS shutdown like it's supposed to do.
It may be, but the fact is that I tried to access the same server with different FTP clients (current try-outs of Flash FXP and CuteFTP) and none of them suffer from this problem. And as I said before, I downgraded FileZilla and I'm now using version 3.0.11.1 without any problem whatsoever.
I contacted the admin of the server running Gene6 and his response was: "no one has any problem connecting to this server, you should use another ftp client". It seems that they've around 300 plus users connecting to this server on a daily basis.
For now i'll stick to version 3.0.11.1.
Re: Can't connect with TLS/SSL in version 3.1.0
Quote: I contacted the admin of the server running Gene6 and his response was: "no one has any problem connecting to this server, you should use another ftp client".
Such arrogance.
- First name: Chuck
- Last name: Turco
Re: Can't connect with TLS/SSL in version 3.1.0
I'm seeing the same behavior with FileZilla 3.1.0.1 and ProFTPd 1.3.1/OpenSSL 0.9.8b (stock CentOS 5.2).
After upgrading to 3.1.0.1, I am no longer able to communicate with my ProFTPd server via TLS. I get the exact same behavior posted by others.
I scanned the source code for ProFTPd and it's making the right call to OpenSSL's SSL_shutdown which claims to cleanly send the proper messages.
I've directed my clients to not upgrade beyond 3.0 until this can be sorted out.
I am hopeful you'll reconsider FileZilla's behavior in this situation so we can continue to enjoy broad interoperability with OpenSSL based servers: "be lenient in what you accept and strict in what you send"
Re: Can't connect with TLS/SSL in version 3.1.0
fwiw i emailed the author of vsftpd and he said he would fix it soon.
Re: Can't connect with TLS/SSL in version 3.1.0
Not sure if this should be posted in the Server Support Forum...
Actually, FileZilla Server 0.9.26 has the same error and a fix should be required.
So far, FTP 7 for IIS 7 appears to be one of the very few servers that do not have the problem:
Code:
12:43:24 Trace: CTlsSocket::OnRead()
12:43:24 Trace: GnuTLS error -9: A TLS packet with unexpected length was received.
12:43:24 Status: Server did not properly shut down TLS connection
12:43:24 Trace: CTlsSocket::OnSocketEvent(): close event received
12:43:24 Trace: CRealControlSocket::OnClose(10053)
12:43:24 Error: Disconnected from server: ECONNABORTED - Connection aborted
12:43:24 Trace: CFtpControlSocket::ResetOperation(66)
12:43:24 Trace: CControlSocket::ResetOperation(66)
Code:
12:48:52 Trace: CTlsSocket::OnSocketEvent(): close event received
12:48:52 Trace: CRealControlSocket::OnClose(0)
12:48:52 Error: Connection closed by server
12:48:52 Trace: CFtpControlSocket::ResetOperation(66)
12:48:52 Trace: CControlSocket::ResetOperation(66)
Re: Can't connect with TLS/SSL in version 3.1.0
Actually PROT C is even the initial default, so FZ has to fall back.
But that's not the problem in this case. Please configure the server and all attached routers and firewalls as described in the Network Configuration guide.
- First name: Peter
- Last name: Jansen
Re: Can't connect with TLS/SSL in version 3.1.0
Well I'm having exactly the same problem since my upgrade to filezilla 3.1.
I can't properly log on to my proftpd servers. I'm running two different servers with proftpd 1.3.0 and 1.3.1, but I've got exactly the same problem on both systems. Everything works fine without TLS/SSL required though.
What happens is that I can log on but I only see an empty folder. Is there anything I can do in my filezilla config settings?
Code:
Jul 27 11:02:14 mod_tls/2.1.2[2948]: starting TLS negotiation on data connection
Jul 27 11:02:14 mod_tls/2.1.2[2948]: TLSv1/SSLv3 data connection accepted, using cipher XXXXXXXXXXXXXXX (128 bits)
Jul 27 11:09:28 mod_tls/2.1.2[3009]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jul 27 11:09:29 mod_tls/2.1.2[3009]: TLS/TLS-C requested, starting TLS handshake
Jul 27 11:09:29 mod_tls/2.1.2[3009]: TLSv1/SSLv3 connection accepted, using cipher XXXXXXXXXXXXXXXX (128 bits)
Jul 27 11:09:29 mod_tls/2.1.2[3009]: Protection set to Private
Jul 27 11:09:29 mod_tls/2.1.2[3009]: starting TLS negotiation on data connection
Jul 27 11:09:29 mod_tls/2.1.2[3009]: TLSv1/SSLv3 data connection accepted, using cipher XXXXXXXXXXXXXXXX (128 bits)
Code:
257 "/" is the current directory
Commande : TYPE I
Réponse: 200 Type set to I
Commande : PASV
Réponse: 227 Entering Passive Mode (xxxxxxxxxxxxxxxxx).
Commande : LIST
Réponse: 150 Opening ASCII mode data connection for file list
Statut: Server did not properly shut down TLS connection
Erreur : Could not read from transfer socket: ECONNABORTED - Connection aborted
Réponse: 226 Transfer complete
Erreur : Échec à la lecture du contenu du répertoire