FileZilla Forums

Thank you for explaining the problem and what to do about it! I've started a ticket with Bluehost asking them to fix their server configurations and in the meantime I'm using the plain FTP option and I'm able to connect to my site successfully. Hopefully if enough people complain, Bluehost will fix things on their end! :)

Well played. Nice to see that, as usual, an update to "improve" service makes things immensely more difficult and frustrating.

Why change the default behaviour rather than offer it as an upgrade for servers which support it.

I think you don't get it:

The new default is "Use explicit FTP over TLS if available". That means, if the server announces support for FTP over TLS FileZilla attempts to use it. Nothing wrong with that. What IS actually wrong are thousands of hosting and ISP server that pretend to support FTPS but then bail out. That's not the way to configure a server right, either support it correctly or deny it outright.

I' ve resolved (I think) 3.10.0.1.

My setup is (look att)

You haven't resolved the issue, you have worked around it.

As Asty mentioned above in a different language... that is what I need

I don't know where to change TLS to FTP

*I also wish I had not upgraded

Status: Resolving address of ivyscraps.com
Status: Connecting to 66.147.244.96:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (66,147,244,96,183,131)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

You can configure this on a per-site basis in the site manager. If you care about security you should not use plaintext FTP.

botg wrote:Which FTP server software are you using?

The server you tested against earlier was a ProFTPd-1.3.3a-6squeeze4, with some custom in-house patches, and the following config:

proftpd.conf wrote: <IfModule mod_tls.c>
TLSEngine on
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateChainFile /etc/proftpd/ssl/wildcard.bytenet.nl.ca
TLSRSACertificateFile /etc/proftpd/ssl/wildcard.bytenet.nl.crt
TLSOptions NoSessionReuseRequired
</IfModule>

We added 'NoCertRequest' to the TLSOptions, and removed the 'TLSCACertificatePath' option, which combined reduced our handshake from 'ginormous' to 'normal' and it worked agian with 3.10.0

boco wrote:

Why change the default behaviour rather than offer it as an upgrade for servers which support it.

I think you don't get it:

The new default is "Use explicit FTP over TLS if available". That means, if the server announces support for FTP over TLS FileZilla attempts to use it. Nothing wrong with that. What IS actually wrong are thousands of hosting and ISP server that pretend to support FTPS but then bail out. That's not the way to configure a server right, either support it correctly or deny it outright.

My ISP have tested the TLS connection and report that it is actually working.

I am still unable to use it no matter what settings I use.
From the log file below, it appears to make the connection and then reports that it cannot make the connection because it refuses to talk to the router.
How is it making a connection to the server if it cannot get past the router?

----- log ------------------
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Connecting to xx,xxx,xxx,xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PORT xxx,xxx,x,xxx,xxx
Response: 500 I won't open a connection to (xxx router IP xxx) (only to xx,xx,xxx,xxx)
Command: PASV
Response: 227 Entering Passive Mode (xx,xxx,xxx,xxx,xx,xx)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing
-------------------------------------------------------------------------------------------------
I am not really bothered why it doesn't work or who's fault it is, I am just frustrated that I am wasting my time trying to sort out a problem which has been introduced by a software update.

The update hasn't introduce the problem. It has only increased the visibility of an old problem.

Command: PORT xxx,xxx,x,xxx,xxx
Response: 500 I won't open a connection to (xxx router IP xxx) (only to xx,xx,xxx,xxx)
Command: PASV
Response: 227 Entering Passive Mode (xx,xxx,xxx,xxx,xx,xx)

Censored logs make it impossible to analyze your issue.

The update hasn't introduce the problem.

It has for me.

If you want to use active mode, you need to configure FileZilla as well as your routers and firewalls as explained in the Network Configuration guide.

Sorry, I set it to active mode by mistake as I have been changing numerous settings in an attempt to get it to work.

I do care about security but I also have work to do and spending hours tinkering around with settings within software is not an option for me.

What is it on all these 'faulty servers' which is stopping Filezilla from working?

What is it on all these 'faulty servers' which is stopping Filezilla from working?

They don't reject FTPS.

My ISP tell me that their servers are compatible with TPL, why would they reject FTPS?