GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#16 Post by docimart » 2010-12-14 15:47

saidly,
got kicked after 4 minutes. :(

i put the blame on gnutls

Code: Select all

Error:	GnuTLS error -8: A record packet with illegal version was received.
Error:	Disconnected from server: ECONNABORTED - Connection aborted
filezilla:

Code: Select all

FileZilla Client
----------------

Version:          3.3.5.1

Build information:
  Compiled for:   i686-pc-linux-gnu
  Compiled on:    i686-pc-linux-gnu
  Build date:     2010-12-14
  Compiled with:  gcc (SUSE Linux) 4.5.0 20100604 [gcc-4_5-branch revision 160292]
  Compiler flags: -O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-protector -Wall -g -fexceptions

Linked against:
  wxWidgets:      2.8.10
  GnuTLS:         2.10.2

Operating system:
  Name:           Linux 2.6.34.7-0.5-default i686
  Version:        2.6

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#17 Post by docimart » 2010-12-14 17:46

no tls issue

Code: Select all

This doesn't seem a gnutls problem. Probably you are starting a TLS connection on a clear channel, or some protocol error in the ftp has occurred. Use wireshark to find our what happened

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#18 Post by docimart » 2010-12-14 19:09

tail vsftpd.log

Code: Select all

Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "200 PROT now Private."
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PWD"
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "257 "/""
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "TYPE I"
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "200 Switching to Binary mode."
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PASV"
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,163,0)."
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "LIST"
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Dec 14 19:58:10 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "226 Directory send OK."
linux-6lu7:/var/log # tail vsftpd.log
Tue Dec 14 20:01:41 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "213 20101212202728"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "CWD /testuser"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PWD"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "257 "/testuser""
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PASV"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,104,209)."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "LIST"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "226 Directory send OK."
linux-6lu7:/var/log # tail vsftpd.log
Tue Dec 14 20:01:41 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "213 20101212202728"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "CWD /testuser"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PWD"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "257 "/testuser""
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PASV"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,104,209)."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "LIST"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "226 Directory send OK."
linux-6lu7:/var/log # tail vsftpd.log
Tue Dec 14 20:01:41 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "213 20101212202728"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "CWD /testuser"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PWD"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "257 "/testuser""
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PASV"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,104,209)."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "LIST"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "226 Directory send OK."
linux-6lu7:/var/log # tail vsftpd.log
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PWD"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "257 "/testuser""
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "PASV"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,104,209)."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP command: Client "127.0.0.1", "LIST"
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Dec 14 20:01:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "226 Directory send OK."
Tue Dec 14 20:06:42 2010 [pid 3] [testuser] FTP response: Client "127.0.0.1", "421 Timeout."
Tue Dec 14 20:06:42 2010 [pid 2] [testuser] DEBUG: Client "127.0.0.1", "Connection terminated without SSL shutdown - buggy client?"

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#19 Post by docimart » 2010-12-14 19:13

http://trac.filezilla-project.org/ticket/4882

i will stop my investigation now.

User avatar
botg
Site Admin
Posts: 33056
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#20 Post by botg » 2010-12-14 21:36

Do you have continuous server logs instead of the same 10 lines 4 times over? What about the corresponding client logs?

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#21 Post by docimart » 2010-12-15 16:09

botg wrote:Do you have continuous server logs instead of the same 10 lines 4 times over? What about the corresponding client logs?
i did not test it.
as far i understood,, the error is more or less harmless, and either filezilla OR vsftpd is causing this

i will look into it tonight.
i have updated vsftpd to the latest version, but that doest not solve the issue.

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#22 Post by docimart » 2010-12-15 18:25

i am testing pure-ftpd now.
i have set the idle time for 90 min's, before users got kicked,, so i assume no error appeared within 90 min's

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#23 Post by docimart » 2010-12-15 19:43

no errors so far

Code: Select all

==> /var/log/messages <==
Dec 15 19:14:03 linux-6lu7 squid[3323]: logfileOpen: opening log /var/log/squid/netdb.state
Dec 15 19:14:03 linux-6lu7 squid[3323]: logfileClose: closing log /var/log/squid/netdb.state
Dec 15 19:14:03 linux-6lu7 squid[3323]: NETDB state saved; 0 entries, 0 msec
Dec 15 19:16:56 linux-6lu7 pure-ftpd: (exampleuser@127.0.0.1) [INFO] Timeout
Dec 15 19:18:18 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Dec 15 19:18:18 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Dec 15 19:18:18 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] exampleuser is now logged in
Dec 15 19:22:43 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Dec 15 19:22:43 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Dec 15 19:22:43 linux-6lu7 pure-ftpd: (?@127.0.0.1) [INFO] exampleuser is now logged in
Dec 15 19:32:15 linux-6lu7 smartd[3311]: Device: /dev/sda [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 111 to 110
Dec 15 20:01:49 linux-6lu7 rsyslogd: -- MARK --
Dec 15 20:04:11 linux-6lu7 squid[3323]: logfileOpen: opening log /var/log/squid/netdb.state
Dec 15 20:04:11 linux-6lu7 squid[3323]: logfileClose: closing log /var/log/squid/netdb.state
Dec 15 20:04:11 linux-6lu7 squid[3323]: NETDB state saved; 0 entries, 66 msec
Dec 15 20:21:49 linux-6lu7 rsyslogd: -- MARK --
Dec 15 20:24:00 linux-6lu7 kernel: [12173.405155] [drm:atom_op_jump] *ERROR* atombios stuck in loop for more than 1sec aborting
Dec 15 20:24:00 linux-6lu7 kernel: [12173.405163] [drm:atom_execute_table_locked] *ERROR* atombios stuck executing F96A (len 493, WS 0, PS 4) @ 0xF9AB
Dec 15 20:41:49 linux-6lu7 rsyslogd: -- MARK --
login details:

Code: Select all

Status:	Connecting to 127.0.0.1:21...
Status:	Connection established, waiting for welcome message...
Response:	220-Welcome to Pure-FTPd.
Response:	220-You are user number 1 of 10 allowed.
Response:	220-Local time is now 19:22. Server port: 21.
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 90 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER exampleuser
Status:	TLS/SSL connection established.
Response:	331 User exampleuser OK. Password required
Command:	PASS ******
Response:	230-Your bandwidth usage is restricted
Response:	230-User exampleuser has group access to:  ftpgroup   video     
Response:	230-OK. Current restricted directory is /
Response:	230 4307 Kbytes used (8%) - authorized: 51200 Kb
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	200 Data protection level set to "private"
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Status:	Directory listing successful
upon timed out/too long idle:

Code: Select all

Error:	GnuTLS error -9: A TLS packet with unexpected length was received.
Status:	Server did not properly shut down TLS connection
Error:	Disconnected from server: ECONNABORTED - Connection aborted
my conclusion is,, :
either the server sends wrong information,, or the client ( filezilla ) does not understand how to deal idle time is expired .
no gnutls errors since the login, so the error appears when the users got disconnected, or the idle time is too long.

the error does not cover vsftpd only
also when using pure ftpd this error shows up when using secure connections.

i recommend users to extend the idle time ,, in order to avoid the errors

the fpt server is ready to deploy on my prduction server

- THREAD CAN BE CLOSED -

Post Reply