No shared cipher suite between FileZilla and vsftpd/openssl

Posted: 2012-01-10 13:21
by jrodrigosm
Hi,

Hello,

I'm trying to connect from a FileZilla client (v3.5.3 on Vista SP2 32bit) to a vsftpd server (v2.3.2 on Ubuntu 11.10). In the server, TLS services are implemented with OpenSSL 1.0.0e. I'm trying to connect using explicit FTPS. The client and the server are both in my LAN.

However, when I try to connect, I get the following error in Filezilla:

Trace: GnuTLS alert 40: Handshake failed
Error:	GnuTLS error -12: A TLS fatal alert has been received.

On the server side, I get the following error in vsftpd's log:

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

The server is configured to accept both SSLv3 and TLSv1.

I've been looking around and I'm not able to find a solution for this problem. It seems to me that the cipher suites used by FileZilla are somehow not being accepted by OpenSSL, but I do not understand why (or if this is actually the case), so I'm not able to solve the problem.

Any ideas? Thanks in advance for your help!

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2012-01-10 16:46
by rybka
I encountered the same issue with FileZilla client v3.5.3 and vsftpd server. I was able to work around it by using a different cipher suite in vsftpd's configuration. Try to add the line below to your vsftpd.conf file.

ssl_ciphers=AES128-SHA 

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2012-01-10 19:33
by jrodrigosm
Thank you rybka!! I did a small variation of what you suggested (I set ssl_ciphers=HIGH), and it worked perfectly! I decided to use the HIGH cipher list instead of the suggested AES128-SHA because, given that I don't know which cipher suites are used in FileZilla, I did not want to risk a future FileZilla upgrade breaking the connection again.

Thank you again for the pointer!
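
Added example, not part of any post in this thread: a Python sketch that reads ssl_ciphers from vsftpd.conf text, expands the cipher string with the local OpenSSL, and lists the suites it shares with a client's offer. SAMPLE_CONF and CLIENT_OFFER are constructed, since the thread does not say which suites FileZilla 3.5.3 offers. Run it on the server so the expansion reflects the OpenSSL build that vsftpd uses.

```python
import ssl

# Constructed vsftpd.conf fragment using directives quoted in this thread.
SAMPLE_CONF = """\
debug_ssl=YES
ssl_ciphers=AES128-SHA
"""

# Constructed client offer (OpenSSL-style names); not FileZilla's real list.
CLIENT_OFFER = ["AES256-SHA", "AES128-SHA"]


def read_ssl_ciphers(conf_text):
    """Return the ssl_ciphers value from vsftpd.conf text, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key == "ssl_ciphers":
            value = val.strip()  # assumption: a later line overrides an earlier one
    return value


def expand(cipher_string):
    """Names of the TLS <= 1.2 suites the local OpenSSL enables for this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # the string selects nothing in this OpenSSL build
        return []
    # TLS 1.3 suites are not controlled by the cipher string; leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared(server_string, client_offer):
    """Suites both sides could pick, in the client's order of preference."""
    enabled = set(expand(server_string))
    return [name for name in client_offer if name in enabled]


if __name__ == "__main__":
    configured = read_ssl_ciphers(SAMPLE_CONF)
    for candidate in (configured, "HIGH"):
        names = expand(candidate)
        print(f"ssl_ciphers={candidate}: {len(names)} suites enabled")
        print("  shared with client offer:", shared(candidate, CLIENT_OFFER) or "none")
```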

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2012-01-10 21:04
by rybka
No problem, I’m glad you were able to resolve this issue.

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2012-01-26 20:56
by tronzilla
So I have been battling this one all day... Thank you rybka!

The only reason I found the answer here is because I turned:

debug_ssl=YES

on in the vsftpd.conf and restarted the service.

In the vsftpd.log you then receive the following extra information:

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

However, for future reference, and to help others, this error appears as:

GnuTLS error -12: A TLS fatal alert has been received

Searching on the above does not lead you to the solution again provided in this thread.

Thanks again,

Carl

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2013-10-29 20:55
by kevin192
tronzilla wrote: So I have been battling this one all day... Thank you rybka!

I was looking for the answer for a long time and I finally found it here. I turned:

debug_ssl=YES

on in the vsftpd.conf and restarted the service.

In the vsftpd.log you then receive the following extra information:

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

However, for future reference, and to help others, this error appears as:

GnuTLS error -12: A TLS fatal alert has been received

Searching on the above does not lead you to the solution again provided in this thread.

Thanks again,

Carl

Hello Carl,

I am having the same error, but I don't quite understand what I need to do here. I would appreciate it if you explain a little bit more. Thank you.

Re: No shared cipher suite between FileZilla and vsftpd/open

Posted: 2013-10-29 21:42
by boco
viewtopic.php?p=90187#p90187

Did you try updating the ciphers used by the server?