Filezilla issue after update

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Message
Author
ianhaney
504 Command not implemented
Posts: 9
Joined: 2016-02-07 10:08
First name: Ian
Last name: Haney

Filezilla issue after update

#1 Post by ianhaney » 2016-07-28 12:05

Hi

A update popped up on Filezilla so did the update and now I can't connect to the FTP where as before I could

the message I get is below

Received certificate chain could not be verified. Verification status is 66.
Error: Could not connect to server

The setting is currently set to use explicit FTP over TLS if available as the encryption, if I change it to only use plain FTP(insecure) it works and connects but worried in case it's not secure

Has anyone had this issue before and if so how to solve it

Thank you in advance

User avatar
botg
Site Admin
Posts: 32473
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla issue after update

#2 Post by botg » 2016-07-28 12:49

That's strange. What's the address of the server you are trying to connect to?

My first guess is that the server sends a wrongly sorted certificate chain.

ianhaney
504 Command not implemented
Posts: 9
Joined: 2016-02-07 10:08
First name: Ian
Last name: Haney

Re: Filezilla issue after update

#3 Post by ianhaney » 2016-07-28 13:00

Do you mean the host, if so it is ftp.broadwaymediadesigns.co.uk

User avatar
botg
Site Admin
Posts: 32473
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla issue after update

#4 Post by botg » 2016-07-28 13:25

Yes, the certificate chain sent by the server is indeed malformed.

During the TLS handshake the server sends its certificate and a chain of issueing certificates. If the chain contains three certificates, say A, B and C, then A must be signed by B and B must be signed by C. Your server sends a chain where A is signed by C and C is signed by B.

Please contact your server administrator or server hosting provider for assistance to have the server's certificate chain fixed.


For reference, see https://tools.ietf.org/html/rfc5246#page-48:
certificate_list
This is a sequence (chain) of certificates. The sender's
certificate MUST come first in the list. Each following
certificate MUST directly certify the one preceding it.

ianhaney
504 Command not implemented
Posts: 9
Joined: 2016-02-07 10:08
First name: Ian
Last name: Haney

Re: Filezilla issue after update

#5 Post by ianhaney » 2016-07-28 14:01

Will do, I'll contact them now

Thank you for your help and replies, appreciate it

savvygents
500 Command not understood
Posts: 3
Joined: 2016-07-28 14:25

Re: Filezilla issue after update

#6 Post by savvygents » 2016-07-28 14:28

Having the same problem after update - it was working right before I updated.

savvygents
500 Command not understood
Posts: 3
Joined: 2016-07-28 14:25

Re: Filezilla issue after update

#7 Post by savvygents » 2016-07-28 14:33

Update: My partner that has not yet updated to the new version can connect perfectly. So def something with the new update.

ianhaney
504 Command not implemented
Posts: 9
Joined: 2016-02-07 10:08
First name: Ian
Last name: Haney

Re: Filezilla issue after update

#8 Post by ianhaney » 2016-07-28 14:41

I thought that too, I spoke to my hosting and only way around it at the mo is to use the plain FTP as encryption as long as the password is safe and not a easy one to guess so it can't be hacked or anything

User avatar
botg
Site Admin
Posts: 32473
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla issue after update

#9 Post by botg » 2016-07-28 14:49

The new version of FileZilla is more strict about certificate chain verification and now rejects such malformed chains.
I spoke to my hosting and only way around it at the mo is to use the plain FTP as encryption
I know another way that doesn't compromise on security: It's your hosting provider fixing the server configuration so that it presents a well-formed chain. For most servers it's a dead trivial task, only a few lines in a text file need to be swapped around.

ianhaney
504 Command not implemented
Posts: 9
Joined: 2016-02-07 10:08
First name: Ian
Last name: Haney

Re: Filezilla issue after update

#10 Post by ianhaney » 2016-07-28 14:57

Oh right will ask them about that now

User avatar
boco
Contributor
Posts: 24789
Joined: 2006-05-01 03:28
Location: Germany

Re: Filezilla issue after update

#11 Post by boco » 2016-07-28 15:33

at the mo is to use the plain FTP as encryption as long as the password is safe and not a easy one to guess so it can't be hacked or anything
Since Plain FTP is no encryption at all, your safe and non-guessable password is sent in clear text over the wire/ether. Everyone can easily intercept and even modify traffic (routers and firewalls do that all the time). So much for the hacking.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

savvygents
500 Command not understood
Posts: 3
Joined: 2016-07-28 14:25

Re: Filezilla issue after update

#12 Post by savvygents » 2016-07-28 15:59

UPDATE: Just reinstalled the cert for the server (FTP Services) and it is now working as intended.

Note we are using WHM/CPanel

mikelade
500 Command not understood
Posts: 1
Joined: 2016-07-28 15:17
First name: Mike
Last name: Lade

Re: Filezilla issue after update

#13 Post by mikelade » 2016-07-28 17:00

I am also getting
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: Received certificate chain could not be verified. Verification status is 66.
Error: Could not connect to server

after the upgrade this morning !

What do I need to do? Running Windows 10 on a PC

User avatar
botg
Site Admin
Posts: 32473
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Filezilla issue after update

#14 Post by botg » 2016-07-28 17:03

mikelade wrote:I am also getting
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: Received certificate chain could not be verified. Verification status is 66.
Error: Could not connect to server

after the upgrade this morning !

What do I need to do? Running Windows 10 on a PC
Please contact your server administrator or server hosting provider for assistance to have the server's certificate chain fixed.

halsil
500 Command not understood
Posts: 5
Joined: 2015-11-05 00:05
First name: Harold
Last name: Silander

Re: Filezilla issue after update

#15 Post by halsil » 2016-07-28 21:55

I have this same problem. I risked my password to upload urgent data.

Even if I could correctly ask for a change, it would still take a few days for my provider to implement it.

It appears that many, many servers send certificates wrongly and many of FileZilla's users are being asked to contact their FTP providers with a request that they do not understand.

Perhaps Filezilla could provide a standard wording for our requests for servers to follow the correct rules?

And also back out this change until we have had a chance to ask our providers to comply?

Locked