
FTPS is not working

Posted: 2009-09-11 22:52
by franc
Hello,

I have an FTP server (proFTPd) which supports FTPS (FTP over TLS).
I have no problems logging in with Total Commander over FTPS, but with FileZilla it doesn't work.

I put into Server: ftps://myservername.tld

but after a while there is a timeout. In Total Commander the same connection works.

What is needed to connect with ftps in filezilla? Is it possible?

Thank you, regards, franc

Re: FTPS is not working

Posted: 2009-09-12 06:48
by boco
Explicit FTPS? Try ftpes://myservername.tld - ftps:// is for Implicit on port 990.

Re: FTPS is not working

Posted: 2009-09-12 08:48
by franc
Thank you, it's better now, but still not working:

My protocol in FileZilla:

Status: Resolving address of mydomain.tld
Status: Connecting to 11.22.33.44:21...
Status: Connection established, waiting for welcome message...

Response: 220 mydomain.tld FTP
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...

Command: USER ftp_user
Status: TLS/SSL connection established.
Response: 331 Password required for ftp_user
Command: PASS ************
Response: 230 User ftp_user logged in
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...

Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (92,51,165,202,200,176).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete
Error: Failed to retrieve directory listing

What could it be?
It is the same in active mode.

Total Commander gives me:


----------
Connect to: (12.09.2009 10:41:13)
hostname=mydomain.tld
username=ftp_mydomain
startdir=/
mydomain.tld=11.22.33.44
220 mydomain.tld FTP
AUTH TLS
234 AUTH TLS successful
Cert subject: /C=DE/ST=State/O=MyName./CN=mydomain.tld/emailAddress=info@mydomain.tld
Cert issuer: /C=DE/ST=State/L=City/O=MyName./CN=MyName/emailAddress=info@mydomain.tld
USER ftp_mydomain
331 Password required for ftp_mydomain
PASS ***********
230 User ftp_mydomain logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 AUTH TLS
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
OPTS UTF8 ON
500 OPTS UTF8 not understood
CWD /
250 CWD command successful
Connect ok!
PWD
257 "/" is the current directory
Get directory
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (92,51,165,202,242,103).
LIST -la
150 Opening ASCII mode data connection for file list
Download
Waiting for server...
226 Transfer complete

I found now:

http://trac.filezilla-project.org/ticket/3661

Where it seems to be a bug in my server. But it is my server and I don't fear any attacks from it, so is there a switch in FileZilla 3.x to switch the check of this "server bug" off?

If there is not, I just switch back to FileZilla 2 where it seems to work.

Re: FTPS is not working

Posted: 2009-09-12 08:57
by boco
Status: Server did not properly shut down TLS connection
This means your server has a security vulnerability.

See http://forum.filezilla-project.org/view ... f=2&t=7688 .

Re: FTPS is not working

Posted: 2009-09-12 09:22
by franc
boco wrote:
Status: Server did not properly shut down TLS connection
This means your server has a security vulnerability.

See http://forum.filezilla-project.org/view ... f=2&t=7688 .
Yes, I see it now. I have only proFTPd 1.3.1. I need to update it, or use another FTPS client, e.g. I stay with Total Commander, which works fine.

Re: FTPS is not working

Posted: 2009-09-12 12:02
by botg
It doesn't work fine, it's subject to a well known security vulnerability.

Re: FTPS is not working

Posted: 2009-09-12 14:57
by franc
But what is the security risk, if I use this "vulnerable program" just with my server?
I know my server and trust it. So where is the risk?

Anyway, mostly I don't use FTP(S) but SFTP with WinSCP, this is even more secure.
But when I upload some webpages to the server, with SSH I have to change owner to www-data, with proFTPd the ftp-users are uploading as www-root, this is handier.

Re: FTPS is not working

Posted: 2009-09-12 15:24
by botg
Subject to man-in-the-middle file truncation attacks.
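
Added example, not part of the thread and not FileZilla's code: in FTP stream mode the end of a file is signalled by closing the data connection, so when the server skips the TLS close_notify the client cannot tell a complete transfer from one cut short on the path, even though `226 Transfer complete` still arrives. The Python below audits a FileZilla-style log for such transfers; the function names and the second sample transfer are assumptions made for illustration.

```python
import re

# Constructed sample: transfer 1 is from the thread's log, transfer 2 is made up.
SAMPLE_LOG = """\
Command: PASV
Response: 227 Entering Passive Mode (92,51,165,202,200,176).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Response: 226 Transfer complete
Command: PASV
Response: 227 Entering Passive Mode (92,51,165,202,242,103).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete
"""

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def pasv_endpoint(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (ip, p1 * 256 + p2)."""
    m = PASV_RE.match(reply)
    if not m or any(int(g) > 255 for g in m.groups()):
        return None
    n = [int(g) for g in m.groups()]
    return ".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]

def audit_transfers(log_text):
    """One record per data transfer; 'trusted' needs 226 AND a clean TLS close."""
    transfers, endpoint, cur = [], None, None
    for line in log_text.splitlines():
        kind, _, text = line.partition(": ")
        if kind == "Response" and text.startswith("227 "):
            endpoint = pasv_endpoint(text)
        elif kind == "Command" and text.split(" ")[0] in DATA_COMMANDS:
            cur = {"command": text, "endpoint": endpoint,
                   "clean_close": True, "reply_226": False}
            transfers.append(cur)
        elif cur and kind == "Status" and "did not properly shut down TLS" in text:
            cur["clean_close"] = False  # no close_notify: EOF is unauthenticated
        elif cur and kind == "Response" and text.startswith("226"):
            cur["reply_226"] = True
    for t in transfers:
        t["trusted"] = t["reply_226"] and t["clean_close"]
    return transfers

if __name__ == "__main__":
    print(*audit_transfers(SAMPLE_LOG), sep="\n")
```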

Re: FTPS is not working

Posted: 2009-09-14 06:39
by franc
A nice dude gave me this link:

https://launchpad.net/~cschieli/+archive/ppa

I am on Ubuntu 8.04, so I put:

deb http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main


into:

/etc/apt/sources.list

and updated proftpd with aptitude and it works!

No more:

Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted


in the log.

Thank you, Hibbelharry!

Regards, franc