Updated To Version 3.10.0 Now Receiving Errors

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#46 Post by botg » 2015-01-12 08:44

FileZilla: Do you speak French?
Server: Yes, I do
FileZilla: Très bien, nous continuons dans cette langue-là. Comment allez-vous?
Server: Huh? I'm sorry, I only said I would speak French to impress the ladies.
FileZilla: Je ne vous comprends pas. Vous devez parler français.

Two solutions: Either the server learns French or answers faithfully.

Cipri
500 Command not understood
Posts: 3
Joined: 2015-01-12 12:01
First name: Cipriano

Re: Updated To Version 3.10.0 Now Receiving Errors

#47 Post by Cipri » 2015-01-12 12:10

A lot of my users have contacted me that they're unable to connect to the FTP server since they updated. I use proftpd as a server, and have a valid SSL certificate installed (Matching hostname, not expired, trusted by an external/'official' CA (Though I read that doesn't matter), but my users still receive a timeout upon "Initializing TLS..."

Code: Select all

Status:	Resolving address of ftp014358.bytenet.nl
Status:	Connecting to 82.94.214.108:21...
Status:	Connection established, waiting for welcome message...
Response:	220 Byte Internet: Unauthorized entry forbidden
Command:	AUTH TLS
Response:	234 AUTH TLS successful
Status:	Initializing TLS...
* I just ran my server through https://ftptest.net/ (Using the 'Explicit FTP over TLS' option, which should work the same as FileZilla's `Use TLS if available`), and it claims it works.
* I tested with

Code: Select all

openssl s_client -connect ftp014358.bytenet.nl:21 -starttls ftp -CApath /usr/share/ca-certificates/mozilla/
and get the message "Verify return code: 0 (ok)" and everything seems to work just fine
* I tested with

Code: Select all

gnutls-cli -p 21 ftp014358.bytenet.nl -s
by typing 'AUTH TLS' and sending a

Code: Select all

killall -SIGALRM gnutls-cli
in another terminal, and get the message "Status: The certificate is trusted."

At this point I don't know what else I can try and do to make things work. I've listened in on the stream with ssldump, but can't learn more than 'It stops working somewhere in the handshake' from it.

tomnjerry
500 Command not understood
Posts: 2
Joined: 2015-01-11 21:43

Re: Updated To Version 3.10.0 Now Receiving Errors

#48 Post by tomnjerry » 2015-01-12 15:57

botg wrote:FileZilla: Do you speak French?
Server: Yes, I do
FileZilla: Très bien, nous continuons dans cette langue-là. Comment allez-vous?
Server: Huh? I'm sorry, I only said I would speak French to impress the ladies.
FileZilla: Je ne vous comprends pas. Vous devez parler français.

Two solutions: Either the server learns French or answers faithfully.
That is a childish, black and white, all or nothing view on things.

Your package starts off in one language, then upon the server indicating it speaks the requested language it switches. If the server then cannot understand the new language, your package then ignores the previous language used.

Come on?!? Really? That's poor programming at it's best. But it gives FileZilla users two solutions:
  • Either upgrade/fix the server to your view of "correct"
  • Or stop using FileZilla
I don't run my own server, so I guess it's the latter for me.

User avatar
boco
Contributor
Posts: 23925
Joined: 2006-05-01 03:28
Location: Germany

Re: Updated To Version 3.10.0 Now Receiving Errors

#49 Post by boco » 2015-01-12 16:09

Err, that's how tech stuff works. Either you outright declare what you support, and then truly support it, or you do not declare support at all. Everything else will inevitably fail.

There's no room for interpretation, guesswork and subtle hints between machines. That's human stuff. And computers ain't girls.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#50 Post by botg » 2015-01-12 18:02

Cipri wrote:A lot of my users have contacted me that they're unable to connect to the FTP server since they updated. I use proftpd as a server, and have a valid SSL certificate installed (Matching hostname, not expired, trusted by an external/'official' CA (Though I read that doesn't matter), but my users still receive a timeout upon "Initializing TLS..."

Code: Select all

Status:	Resolving address of ftp014358.bytenet.nl
Status:	Connecting to 82.94.214.108:21...
Status:	Connection established, waiting for welcome message...
Response:	220 Byte Internet: Unauthorized entry forbidden
Command:	AUTH TLS
Response:	234 AUTH TLS successful
Status:	Initializing TLS...
* I just ran my server through https://ftptest.net/ (Using the 'Explicit FTP over TLS' option, which should work the same as FileZilla's `Use TLS if available`), and it claims it works.
* I tested with

Code: Select all

openssl s_client -connect ftp014358.bytenet.nl:21 -starttls ftp -CApath /usr/share/ca-certificates/mozilla/
and get the message "Verify return code: 0 (ok)" and everything seems to work just fine
* I tested with

Code: Select all

gnutls-cli -p 21 ftp014358.bytenet.nl -s
by typing 'AUTH TLS' and sending a

Code: Select all

killall -SIGALRM gnutls-cli
in another terminal, and get the message "Status: The certificate is trusted."

At this point I don't know what else I can try and do to make things work. I've listened in on the stream with ssldump, but can't learn more than 'It stops working somewhere in the handshake' from it.

Thanks, this is most interesting.

For some reason gnutls-cli works even when using the very same ciphers used by FileZilla:

Code: Select all

gnutls-cli ftp014358.bytenet.nl -s -p 21 --crlf --insecure --priority="SECURE256:+SECURE128:+ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-ALL:-SIGN-RSA-MD5:+CTYPE-X509:-CTYPE-OPENPGP:-VERS-SSL3.0"

User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#51 Post by botg » 2015-01-12 18:10

From a detailed trace using a special FZ debug build:
19:09:39 Status: Initializing TLS...
19:09:39 Trace: tls: 4 REC[05135BB8]: Allocating epoch #0
19:09:39 Trace: CTlsSocket::Handshake()
19:09:39 Trace: CTlsSocket::ContinueHandshake()
19:09:39 Trace: tls: 2 ASSERT: gnutls_constate.c:583
19:09:39 Trace: tls: 4 REC[05135BB8]: Allocating epoch #1
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension STATUS REQUEST (5 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SERVER NAME (25 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SAFE RENEGOTIATION (1 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SESSION TICKET (0 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SUPPORTED ECC (8 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (5.1) RSA-SHA384
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (5.3) ECDSA-SHA384
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (6.1) RSA-SHA512
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (6.3) ECDSA-SHA512
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (4.1) RSA-SHA256
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (4.2) DSA-SHA256
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (4.3) ECDSA-SHA256
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (3.1) RSA-SHA224
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (3.2) DSA-SHA224
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (3.3) ECDSA-SHA224
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (2.1) RSA-SHA1
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (2.2) DSA-SHA1
19:09:39 Trace: tls: 3 EXT[05135BB8]: sent signature algo (2.3) ECDSA-SHA1
19:09:39 Trace: tls: 3 EXT[05135BB8]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
19:09:39 Trace: tls: 3 HSK[05135BB8]: CLIENT HELLO was queued [262 bytes]
19:09:39 Trace: tls: 7 HWRITE: enqueued [CLIENT HELLO] 262. Total 262 bytes.
19:09:39 Trace: tls: 7 HWRITE FLUSH: 262 bytes in buffer.
19:09:39 Trace: tls: 4 REC[05135BB8]: Preparing Packet Handshake(22) with length: 262 and min pad: 0
19:09:39 Trace: tls: 9 ENC[05135BB8]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
19:09:39 Trace: tls: 7 WRITE: enqueued 267 bytes for 03997118. Total 267 bytes.
19:09:39 Trace: tls: 4 REC[05135BB8]: Sent Packet[1] Handshake(22) in epoch 0 and length: 267
19:09:39 Trace: tls: 7 HWRITE: wrote 1 bytes, 0 bytes left.
19:09:39 Trace: tls: 7 WRITE FLUSH: 267 bytes in buffer.
19:09:39 Trace: CTlsSocket::PushFunction(267)
19:09:39 Trace: returning 267
19:09:39 Trace: tls: 7 WRITE: wrote 267 bytes, 0 bytes left.
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: CTlsSocket::PullFunction(5)
19:09:39 Trace: tls: 7 READ: -1 returned from 03997118, errno=0 gerrno=11
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:518
19:09:39 Trace: CTlsSocket::OnSend()
19:09:39 Trace: CTlsSocket::OnRead()
19:09:39 Trace: CTlsSocket::ContinueHandshake()
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: CTlsSocket::PullFunction(5)
19:09:39 Trace: tls: 7 READ: -1 returned from 03997118, errno=0 gerrno=11
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:518
19:09:39 Trace: CTlsSocket::OnRead()
19:09:39 Trace: CTlsSocket::ContinueHandshake()
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: CTlsSocket::PullFunction(5)
19:09:39 Trace: returning 5
19:09:39 Trace: tls: 7 READ: Got 5 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 5 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 0 bytes into buffer. Adding 5 bytes.
19:09:39 Trace: tls: 7 RB: Requested 5 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: SSL 3.1 Handshake packet received. Epoch 0, length: 81
19:09:39 Trace: tls: 4 REC[05135BB8]: Expected Packet Handshake(22)
19:09:39 Trace: tls: 4 REC[05135BB8]: Received Packet Handshake(22) with length: 81
19:09:39 Trace: CTlsSocket::PullFunction(81)
19:09:39 Trace: returning 81
19:09:39 Trace: tls: 7 READ: Got 81 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 81 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 5 bytes into buffer. Adding 81 bytes.
19:09:39 Trace: tls: 7 RB: Requested 86 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: Decrypted Packet[0] Handshake(22) with length: 81
19:09:39 Trace: tls: 6 BUF[REC]: Inserted 81 bytes of Data(22)
19:09:39 Trace: tls: 3 HSK[05135BB8]: SERVER HELLO (2) was received. Length 77[77], frag offset 0, frag length: 77, sequence: 0
19:09:39 Trace: tls: 3 HSK[05135BB8]: Server's version: 3.1
19:09:39 Trace: tls: 3 HSK[05135BB8]: SessionID length: 32
19:09:39 Trace: tls: 3 HSK[05135BB8]: SessionID: 764913764e1f7ac6c61d5245391f98bd7b2a13e6a2cf5e9100bccc241c66ae7a
19:09:39 Trace: tls: 3 HSK[05135BB8]: Selected cipher suite: RSA_AES_256_CBC_SHA1
19:09:39 Trace: tls: 3 HSK[05135BB8]: Selected compression method: NULL (0)
19:09:39 Trace: tls: 3 EXT[05135BB8]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
19:09:39 Trace: tls: 3 HSK[05135BB8]: Safe renegotiation succeeded
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: CTlsSocket::PullFunction(5)
19:09:39 Trace: returning 5
19:09:39 Trace: tls: 7 READ: Got 5 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 5 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 0 bytes into buffer. Adding 5 bytes.
19:09:39 Trace: tls: 7 RB: Requested 5 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: SSL 3.1 Handshake packet received. Epoch 0, length: 1290
19:09:39 Trace: tls: 4 REC[05135BB8]: Expected Packet Handshake(22)
19:09:39 Trace: tls: 4 REC[05135BB8]: Received Packet Handshake(22) with length: 1290
19:09:39 Trace: CTlsSocket::PullFunction(1290)
19:09:39 Trace: returning 1290
19:09:39 Trace: tls: 7 READ: Got 1290 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 1290 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 5 bytes into buffer. Adding 1290 bytes.
19:09:39 Trace: tls: 7 RB: Requested 1295 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: Decrypted Packet[1] Handshake(22) with length: 1290
19:09:39 Trace: tls: 6 BUF[REC]: Inserted 1290 bytes of Data(22)
19:09:39 Trace: tls: 3 HSK[05135BB8]: CERTIFICATE (11) was received. Length 1286[1286], frag offset 0, frag length: 1286, sequence: 0
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: CTlsSocket::PullFunction(5)
19:09:39 Trace: returning 5
19:09:39 Trace: tls: 7 READ: Got 5 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 5 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 0 bytes into buffer. Adding 5 bytes.
19:09:39 Trace: tls: 7 RB: Requested 5 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: SSL 3.1 Handshake packet received. Epoch 0, length: 16384
19:09:39 Trace: tls: 4 REC[05135BB8]: Expected Packet Handshake(22)
19:09:39 Trace: tls: 4 REC[05135BB8]: Received Packet Handshake(22) with length: 16384
19:09:39 Trace: CTlsSocket::PullFunction(16384)
19:09:39 Trace: returning 14006
19:09:39 Trace: tls: 7 READ: Got 14006 bytes from 03997118
19:09:39 Trace: CTlsSocket::PullFunction(2378)
19:09:39 Trace: tls: 7 READ: -1 returned from 03997118, errno=0 gerrno=11
19:09:39 Trace: tls: 7 READ: returning 14006 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 14006 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 5 bytes into buffer. Adding 14006 bytes.
19:09:39 Trace: tls: 7 RB: Requested 16389 bytes
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:546
19:09:39 Trace: tls: 2 ASSERT: gnutls_record.c:1180
19:09:39 Trace: CTlsSocket::OnRead()
19:09:39 Trace: CTlsSocket::ContinueHandshake()
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1073
19:09:39 Trace: tls: 4 REC[05135BB8]: SSL 3.1 Handshake packet received. Epoch 0, length: 16384
19:09:39 Trace: tls: 4 REC[05135BB8]: Expected Packet Handshake(22)
19:09:39 Trace: tls: 4 REC[05135BB8]: Received Packet Handshake(22) with length: 16384
19:09:39 Trace: CTlsSocket::PullFunction(2378)
19:09:39 Trace: returning 2378
19:09:39 Trace: tls: 7 READ: Got 2378 bytes from 03997118
19:09:39 Trace: tls: 7 READ: read 2378 bytes from 03997118
19:09:39 Trace: tls: 7 RB: Have 14011 bytes into buffer. Adding 2378 bytes.
19:09:39 Trace: tls: 7 RB: Requested 16389 bytes
19:09:39 Trace: tls: 4 REC[05135BB8]: Decrypted Packet[2] Handshake(22) with length: 16384
19:09:39 Trace: tls: 6 BUF[REC]: Inserted 16384 bytes of Data(22)
19:09:39 Trace: tls: 3 HSK[05135BB8]: CERTIFICATE REQUEST (13) was received. Length 38728[16380], frag offset 0, frag length: 16380, sequence: 0
19:09:39 Trace: tls: 2 ASSERT: gnutls_buffers.c:1182
This is odd. Your server requests a client certificate.


Furthermore, the entire handshake is ginormous, 38KiB?

User avatar
boco
Contributor
Posts: 23925
Joined: 2006-05-01 03:28
Location: Germany

Re: Updated To Version 3.10.0 Now Receiving Errors

#52 Post by boco » 2015-01-12 19:24

Now that's an interesting debug build. Do I set FZDebug to 0xffffffff? :twisted:
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#53 Post by botg » 2015-01-12 19:33

No. Set TLSDEBUG to 1 in src/engine/tlssocket.cpp:12
Unfortunately this debug logging is not thread-safe, it's a most ugly hack to get it to appear where it does. Expect crashes when using it.


That said, fixing this bug was very easy once I got to reproduce it. FileZilla 3.10.0.1 is building right now, should be out in a short while.

Thanks Cipri for the detailed bug report.



Interestingly this has not been a new bug, it's been there for over two years, possibly even ever since there has been FTP over TLS support. Until now nobody reported it with the means to reproduce it. This is why one does not obfuscate hostnames and IP addresses in logs. It prevents bugfixes.

User avatar
boco
Contributor
Posts: 23925
Joined: 2006-05-01 03:28
Location: Germany

Re: Updated To Version 3.10.0 Now Receiving Errors

#54 Post by boco » 2015-01-12 19:42

No, it's fine. Thread safety is a must for me.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#55 Post by botg » 2015-01-12 19:50

3.10.0.1 is out now.

R1Lover
500 Command not understood
Posts: 2
Joined: 2015-01-12 21:53
First name: Rhett
Last name: Buck

Re: Updated To Version 3.10.0 Now Receiving Errors

#56 Post by R1Lover » 2015-01-12 21:55

How about a power setting we can change the default behavior back if needed.

We support hundreds of thousands of users for our software, it would scare you to know how many poor hosting providers there are out there with poorly configured and outdated software on them.

We need a solution outside of using the site manager for normal FTP please.

The next solution is to move to something else, however we do love FZ, until this change!

Pretty please!

Cipri
500 Command not understood
Posts: 3
Joined: 2015-01-12 12:01
First name: Cipriano

Re: Updated To Version 3.10.0 Now Receiving Errors

#57 Post by Cipri » 2015-01-13 09:09

botg wrote: This is odd. Your server requests a client certificate.
Furthermore, the entire handshake is ginormous, 38KiB?


That said, fixing this bug was very easy once I got to reproduce it. FileZilla 3.10.0.1 is building right now, should be out in a short while.

Thanks Cipri for the detailed bug report.

Interestingly this has not been a new bug, it's been there for over two years, possibly even ever since there has been FTP over TLS support. Until now nobody reported it with the means to reproduce it. This is why one does not obfuscate hostnames and IP addresses in logs. It prevents bugfixes.
Thanks for the fix, glad I could help! We changed our ftpserver configuration to no longer ask for a Client Certificate (Which was out-of-the-box behaviour), since we don't use those. Doing that reduced the handshake size enough that 3.10.0.0 was able to connect.

User avatar
botg
Site Admin
Posts: 31265
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#58 Post by botg » 2015-01-13 10:35

Which FTP server software are you using?

mimharp
500 Command not understood
Posts: 1
Joined: 2015-01-13 15:30

Re: Updated To Version 3.10.0 Now Receiving Errors

#59 Post by mimharp » 2015-01-13 15:35

I have tried all the suggestions listed, to no avail. I think I just need to get this on record that I, too, have downgraded to the previous version. I work three jobs and do not have time to be online/on the phone with Bluehost when the previous version works just fine. Excuses regarding badly configured servers aside, this is not my problem. "When it ain't broke, don't fix it." :roll:

User avatar
audiopro
226 Transfer OK
Posts: 281
Joined: 2013-03-23 12:55
First name: Keith
Location: Morecambe, England
Contact:

Re: Updated To Version 3.10.0 Now Receiving Errors

#60 Post by audiopro » 2015-01-13 15:52

botg wrote:3.10.0.1 is out now.
Can we look forward to something else breaking then?

An update to any software which prevents numerous users from working the way they did previously is a mistake.
Why change the default behaviour rather than offer it as an upgrade for servers which support it.
The ISP I use does not have a broken server, they simply do not allow TLS/SSH access on their shared servers.
Whether this is right or wrong is not of any concern to the authors of 3rd party software, no matter how good it is. :o
Morecambe - Where the sun goes at night

Locked