Newest upgrade will not let me connect to my server

botg
Site Admin
Posts: 32718
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Newest upgrade will not let me connect to my server

#16 Post by botg » 2016-05-03 07:08

The server admin doesn't want to fix it. What can we do?
:shock: A server administrator that does not want to fix a security vulnerability in his server? I'm shocked. Shocked I tell you!

famblycat
500 Command not understood
Posts: 1
Joined: 2016-05-09 13:53

Re: Newest upgrade will not let me connect to my server

#17 Post by famblycat » 2016-05-09 13:56

I like this software and have used it for years. That said, this kind of hardline tactic is disappointing. I have no control over whether this is changed on the servers I need to connect to in order to do my work. I guess I'll need to look for a different SFTP client, which is sad because, like I said, I like this one.

eliot1786
500 Command not understood
Posts: 1
Joined: 2016-05-27 22:02
First name: Stephen
Last name: Dewey

Re: Newest upgrade will not let me connect to my server

#18 Post by eliot1786 » 2016-05-27 22:08

I also have to complain about this, even though I love Filezilla and otherwise love your hard work.

One server I need to connect to has an old operating system (not Linux or Windows) which is no longer being updated, and only has the diffie-hellman-group1-sha1 method. Rest assured that the company in question is working hard to migrate off this OS, but it is going to take them a couple of years. So now I have to find a new FTP client, even though FileZilla is by far my favorite.

Can't you just give a checkbox in Settings to enable this method, with a big fat warning that it is insecure?

I mean for goodness sake, Filezilla supports FTP which isn't even encrypted, but you haven't disabled that.
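
An added example, not part of the thread and not FileZilla's code: a way to confirm from a server's key-exchange offer whether diffie-hellman-group1-sha1 is really the only method available. It parses the kex_algorithms name-list of an SSH_MSG_KEXINIT payload as laid out in RFC 4253; the sample payloads are constructed, and the function names and status labels are assumptions of this example.

```python
import struct

SSH_MSG_KEXINIT = 20
# Key-exchange method named in the thread; the only one flagged here.
REFUSED_KEX = {"diffie-hellman-group1-sha1"}

def name_list(names):
    """Encode an RFC 4253 name-list: uint32 length, comma-separated ASCII."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def build_kexinit_payload(kex_algorithms):
    """Constructed sample KEXINIT payload (not a capture from any server)."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + cookie
    payload += name_list(kex_algorithms)
    payload += name_list(["ssh-rsa"])                # host key algorithms
    payload += name_list(["aes128-ctr"]) * 2         # ciphers, both directions
    payload += name_list(["hmac-sha1"]) * 2          # MACs, both directions
    payload += name_list(["none"]) * 2               # compression
    payload += name_list([]) * 2                     # languages
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved

def parse_kex_algorithms(payload):
    """Return the first name-list (kex_algorithms) of a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def audit(payload):
    """Classify a server offer: 'blocked', 'legacy-enabled' or 'ok'."""
    offered = parse_kex_algorithms(payload)
    usable = [k for k in offered if k not in REFUSED_KEX]
    if not usable:
        return "blocked", offered        # only the refused method is offered
    if len(usable) < len(offered):
        return "legacy-enabled", offered  # works, but the old method is still on
    return "ok", offered

if __name__ == "__main__":
    for offer in (["diffie-hellman-group1-sha1"],
                  ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]):
        print(audit(build_kexinit_payload(offer)))
```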

boco
Contributor
Posts: 24971
Joined: 2006-05-01 03:28
Location: Germany

Re: Newest upgrade will not let me connect to my server

#19 Post by boco » 2016-05-27 23:48

I mean for goodness sake, Filezilla supports FTP which isn't even encrypted, but you haven't disabled that.
Not yet.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

CieNTi
500 Command not understood
Posts: 2
Joined: 2016-08-26 20:07
First name: CieNTi

Re: Newest upgrade will not let me connect to my server

#20 Post by CieNTi » 2016-08-26 20:20

Hello there,

First of all, thanks FileZilla team for this great application.

Second, botg, I think you try to 'defend' FileZilla over the logical: It's nice to warn us about a possible security break, but thinking about "user will skip the window" is not your decision. FileZilla is about transfers, not about antivirus/firewall jobs. Forcing users to do things is the straight way to lose users.

I lost a lot of time by thinking I was doing something wrong, and nope, it was an update of imposed rules.

It's nice to care about our security, but saying "tell the admin to fix" is not the solution because, as others already said, this update caused a big loss of time, converted to a big loss of money.

And of course, thinking that FileZilla is used against pure servers is a BIG mistake ... did you think about those devices, embedded devices, having 'only that server' and not a different or update/upgrade'able one? Thanks, now I can't connect to 10 embedded devices.

Finally, I say thanks to FileZilla development, I'm using it for free and I can't just come here to complain ... I'm complaining about botg and that kind of "I will try to convince the user instead of thinking"

No, a forced behaviour which radically changes the user workflow is not a nice solution, don't try to convince us please, it is like calling us stupid to our face

CieNTi
500 Command not understood
Posts: 2
Joined: 2016-08-26 20:07
First name: CieNTi

Re: Newest upgrade will not let me connect to my server

#21 Post by CieNTi » 2016-08-26 20:38

barrychai wrote: downgrade to 3.16.0 would fix our issue.

https://sourceforge.net/projects/filezi ... nt/3.16.0/
Thanks, works perfectly

boco
Contributor
Posts: 24971
Joined: 2006-05-01 03:28
Location: Germany

Re: Newest upgrade will not let me connect to my server

#22 Post by boco » 2016-08-27 00:23

Bad advice.

apicton68
500 Command not understood
Posts: 1
Joined: 2016-11-29 17:33
First name: Andy
Last name: Picton

Re: Newest upgrade will not let me connect to my server

#23 Post by apicton68 » 2016-11-29 17:42

I really have to agree with all of the other people. I have used FileZilla for years, but I can't control other companies' servers. If they don't care about security flaws...and the data isn't of a confidential nature anyhow, then what can we users do?

You are forcing us to either downgrade to an old version or find another solution. As a business owner, if it were my software, I'd try to keep people using my newest version to keep it relevant and in demand.

(It's safer to drive wearing seatbelts too, but cars aren't disabled if you don't want to use them... )

boco
Contributor
Posts: 24971
Joined: 2006-05-01 03:28
Location: Germany

Re: Newest upgrade will not let me connect to my server

#24 Post by boco » 2016-11-30 00:58

As a business owner, if it were my software, I'd try to keep people using my newest version to keep it relevant and in demand.
By making the newest version exactly as insecure as the old ones? Srsly?
It's safer to drive wearing seatbelts too, but cars aren't disabled if you don't want to use them...
Only a matter of time, eventually wearing seatbelts will be enforced. Some people won't learn, otherwise.

botg
Site Admin
Posts: 32718
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Newest upgrade will not let me connect to my server

#25 Post by botg » 2016-11-30 08:34

apicton68 wrote: I really have to agree with all of the other people. I have used FileZilla for years, but I can't control other companies' servers. If they don't care about security flaws...and the data isn't of a confidential nature anyhow, then what can we users do?
Another option: Stop doing business with a company that runs broken or insecure servers.

george.perkins
500 Command not understood
Posts: 1
Joined: 2017-03-10 17:41
First name: George
Last name: Perkins

Re: Newest upgrade will not let me connect to my server

#26 Post by george.perkins » 2017-03-10 18:12

The snarky remarks do not help the situation. Actual users who have no control over SFTP servers should not be ridiculed for a simple question.

Using the old version of FileZilla 3.16 which still allows SHA-1 is a simple solution. That posting without all the snark would have sufficed.

In support of the sysadmins out there who know they have old SHA-1 servers, but non-technical management won't fund or prioritize the upgrade, well that is not a sysadmin problem, that's a business problem. Again snark doesn't solve the problem.

P.S. Ran into this issue myself, thanks for the link to the 3.16 download.

botg
Site Admin
Posts: 32718
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Newest upgrade will not let me connect to my server

#27 Post by botg » 2017-03-10 18:18

I don't think you understand the gravity of the issue. Using known broken ciphers is just as bad as blasting out your passwords in plaintext. Heck, you could just as well post them on Twitter.

GlacialSpoon
500 Command not understood
Posts: 1
Joined: 2017-03-16 12:31
First name: Rob
Last name: K

Re: Newest upgrade will not let me connect to my server

#28 Post by GlacialSpoon » 2017-03-16 12:37

@botg Yeah, I think we do get it, we just have little choice in the short-term.

Of course it's a bad idea to use broken ciphers but if a third party provider or business client still has them in use all we can do is ask them to change. In the meantime we can't do any of our work using your tool.
A warning plus option to skip is the best solution.

Time to get a new tool fellas. This tool refuses to help (double meaning totally intended).

electricshaka
500 Command not understood
Posts: 1
Joined: 2017-03-22 19:25
First name: G
Last name: S

Re: Newest upgrade will not let me connect to my server

#29 Post by electricshaka » 2017-03-22 19:33

First off big thanks to Filezilla devs for all the hard work and a great FREE product.

I must +1 the argument that a warning be provided instead of a connection blocked entirely. The question I think Filezilla decision makers need to ask is "Do we want to play security God? Or do we want to play security Guide?". I have faith you'll eventually go the right route here.

FYI, WinSCP is doing it right for those of you looking for a client that offers a warning instead of rejecting the connection:
https://winscp.net/eng/download.php

Again, thanks for the free amazing product. I've used it countless times!

botg
Site Admin
Posts: 32718
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Newest upgrade will not let me connect to my server

#30 Post by botg » 2017-03-22 19:38

The question I think Filezilla decision makers need to ask is "Do we want to play security God? Or do we want to play security Guide?"
Want to or have to? We want to be the latter, but have to be the former. Experience has shown that unless users are forced to increase security, they simply won't.

Case-in-point illustrating the problem: Firefox bug 1348902 which has been talked about a lot this week.
