TLS 1.3 woes

croadster
500 Command not understood
Posts: 1
Joined: 2019-02-19 08:39
First name: Cris
Last name: Roadster

TLS 1.3 woes

#1 Post by croadster » 2019-02-19 10:00

Currently it seems that there exists no FTP server that works properly with TLS 1.3 (or does anyone know any?)

We ourselves have several VSFTPd (v3.0.3) and proFTPd (v1.3.6) servers running on Debian9 and/or Ubuntu 18.04 systems.
On some of these we use the deb.sury.org repo that provides a current openssl (v1.1.1a) library.

"Unfortunately" this also means that the ftp service on these servers will run with this openssl library and advertise TLS 1.3 support.
Since FileZilla v3.40 this leads to the problem that file uploads will fail sometimes and show the following error messages:

on vsftpd:

Command:	LIST -a
Response:	150 Here comes the directory listing.
Response:	226 Directory send OK.
Command:	EPSV
Response:	229 Entering Extended Passive Mode (|||13136|)
Command:	STOR 0104724255.png
Response:	150 Ok to send data.
Response:	426 Failure reading network stream.
Error:	File transfer failed
Status:	Retrieving directory listing of "/_data"...
Status:	Directory listing of "/_data" successful

Status:	Disconnected from server
Error:	GnuTLS error -15: An unexpected TLS packet was received.
Status:	Disconnected from server: ECONNABORTED - Connection aborted

on proftpd:

Command:	TYPE I
Response:	200 Type set to I
Command:	EPSV
Response:	229 Entering Extended Passive Mode (|||13118|)
Command:	STOR 0104724255.png
Response:	150 Opening BINARY mode data connection for 0104724255.png
Response:	450 Transfer aborted. Link to file server lost
Error:	File transfer failed
Status:	File transfer successful, transferred 15'369 bytes in 1 second
Status:	Starting upload of D:\_Temp\0104724255.png
Status:	Retrieving directory listing of "/httpdocs/test"...

Yes, I know that officially/currently both vsftpd and proftpd do not (fully) support TLS 1.3.
There is also no way to manually/forcefully disable TLS 1.3 support for these two ftp servers in a configuration file.
I did also read in this forum that pureftp shows similar/same symptoms with TLS 1.3, though we did not test pureftp ourselves.

This leaves me a bit questioning if the FileZilla client v3.40 TLS 1.3 implementation is really flawless, as it seems to not work with any ftp server out there...
But nonetheless, and while I still suspect that ALL these ftp servers are broken in regards to TLS 1.3, they all still advertise TLS 1.3 when running on a system with openssl 1.1.1x and with no simple way to disable it.

So, how hard would it be to implement an option in FileZilla to disable TLS 1.3 on the client side of things? (similar to how WinSCP allows)

sudoranger
503 Bad sequence of commands
Posts: 21
Joined: 2019-01-27 06:33
First name: Sudo
Last name: Ranger

Re: TLS 1.3 woes

#2 Post by sudoranger » 2019-02-21 16:00

First of all WinSCP is older than my grandmother and not worth comparing to FileZilla. End users can freely use that if they are ok with that :)

This is a known issue and has been discussed for the past few weeks.

As we all know, from a security perspective, disabling TLS 1.3 also means downgrading. That's a no-go! There are a few backward compatibility PRs sent into those ftpd git repos and if you clone and compile e.g. proftpd (latest) it seems that it's using TLS 1.2 instead and works like a charm. But this is not a way to move forward, as mentioned by @botg, and I agree.

My workaround is for you to suggest your poor users/customers to use jailed sftp instead?

hnrk
500 Command not understood
Posts: 1
Joined: 2019-03-07 16:12

Re: TLS 1.3 woes

#3 Post by hnrk » 2019-03-07 16:22

Facing the same issue here. FileZilla can connect to vsftpd 3.0.3, and most of the time the first one or two file transfers succeed, but then I receive the same errors as the thread starter.

Logging:

Trace:	CFtpControlSocket::FileTransfer()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 0
Status:	Starte Upload von C:\Users\usr\Desktop\test.file
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpFileTransferOpData::SubcommandResult(0) in state 1
Trace:	CControlSocket::CheckOverwriteFile()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 5
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,116).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	STOR test.file
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Ok to send data.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Shutdown()
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	426 Failure reading network stream.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpRawTransferOpData::Reset(2) in state 7
Trace:	CFtpFileTransferOpData::SubcommandResult(2) in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpFileTransferOpData::Reset(2) in state 7
Fehler:	Dateiübertragung fehlgeschlagen
Trace:	CFileZillaEnginePrivate::ResetOperation(2)
Trace:	CFtpControlSocket::FileTransfer()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 0
Status:	Starte Upload von C:\Users\usr\Desktop\test.file
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpFileTransferOpData::SubcommandResult(0) in state 1
Status:	Empfange Verzeichnisinhalt für "/testing"...
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 0
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpListOpData::SubcommandResult(0) in state 1
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 2
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,106).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	LIST
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Here comes the directory listing.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::OnRead()
Trace:	TLS handshake: Received NEW SESSION TICKET
Trace:	TLS handshake: Processed NEW SESSION TICKET
Trace:	gnutls_record_recv returned spurious EAGAIN
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTransferSocket::OnReceive(), m_transferMode=0
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	226 Directory send OK.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpRawTransferOpData::Reset(0) in state 7
Trace:	CFtpListOpData::SubcommandResult(0) in state 3
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpListOpData::Reset(0) in state 3
Trace:	CFtpFileTransferOpData::SubcommandResult(0) in state 2
Trace:	CControlSocket::CheckOverwriteFile()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 5
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,108).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	STOR test.file
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Ok to send data.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Shutdown()
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	426 Failure reading network stream.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpRawTransferOpData::Reset(2) in state 7
Trace:	CFtpFileTransferOpData::SubcommandResult(2) in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpFileTransferOpData::Reset(2) in state 7
Fehler:	Dateiübertragung fehlgeschlagen
Trace:	CFileZillaEnginePrivate::ResetOperation(2)
Trace:	CFtpControlSocket::FileTransfer()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 0
Status:	Starte Upload von C:\Users\usr\Desktop\test.file
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpFileTransferOpData::SubcommandResult(0) in state 1
Status:	Empfange Verzeichnisinhalt für "/testing"...
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 0
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpListOpData::SubcommandResult(0) in state 1
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 2
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,112).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	LIST
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Here comes the directory listing.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::OnRead()
Trace:	TLS handshake: Received NEW SESSION TICKET
Trace:	TLS handshake: Processed NEW SESSION TICKET
Trace:	gnutls_record_recv returned spurious EAGAIN
Trace:	CTransferSocket::OnReceive(), m_transferMode=0
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	226 Directory send OK.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpRawTransferOpData::Reset(0) in state 7
Trace:	CFtpListOpData::SubcommandResult(0) in state 3
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpListOpData::Reset(0) in state 3
Trace:	CFtpFileTransferOpData::SubcommandResult(0) in state 2
Trace:	CControlSocket::CheckOverwriteFile()
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpFileTransferOpData::Send() in state 5
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,112).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	STOR test.file
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Ok to send data.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Shutdown()
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	426 Failure reading network stream.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpRawTransferOpData::Reset(2) in state 7
Trace:	CFtpFileTransferOpData::SubcommandResult(2) in state 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpFileTransferOpData::Reset(2) in state 7
Fehler:	Dateiübertragung fehlgeschlagen
Trace:	CFileZillaEnginePrivate::ResetOperation(2)
Status:	Empfange Verzeichnisinhalt für "/testing"...
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 0
Trace:	CFtpChangeDirOpData::Send() in state 0
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpChangeDirOpData::Reset(0) in state 0
Trace:	CFtpListOpData::SubcommandResult(0) in state 1
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpListOpData::Send() in state 2
Trace:	CFtpRawTransferOpData::Send() in state 2
Befehl:	PASV
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	227 Entering Passive Mode (37,228,132,233,39,115).
Trace:	CFtpRawTransferOpData::ParseResponse() in state 2
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 4
Trace:	Binding data connection source IP to control connection source IP 192.168.1.31
Befehl:	LIST
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnSend()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	150 Here comes the directory listing.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 4
Trace:	CControlSocket::SendNextCommand()
Trace:	CFtpRawTransferOpData::Send() in state 5
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received HELLO RETRY REQUEST
Trace:	TLS handshake: Processed HELLO RETRY REQUEST
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocketImpl::OnRead()
Trace:	CTlsSocketImpl::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Processed ENCRYPTED EXTENSIONS
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocketImpl::OnRead()
Trace:	TLS handshake: Received NEW SESSION TICKET
Trace:	TLS handshake: Processed NEW SESSION TICKET
Trace:	gnutls_record_recv returned spurious EAGAIN
Trace:	CTransferSocket::OnReceive(), m_transferMode=0
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocketImpl::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Antwort:	226 Directory send OK.
Trace:	CFtpRawTransferOpData::ParseResponse() in state 7
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpRawTransferOpData::Reset(0) in state 7
Trace:	CFtpListOpData::SubcommandResult(0) in state 3
Trace:	CFtpControlSocket::ResetOperation(0)
Trace:	CControlSocket::ResetOperation(0)
Trace:	CFtpListOpData::Reset(0) in state 3
Status:	Anzeigen des Verzeichnisinhalts für "/testing" abgeschlossen
Trace:	CFileZillaEnginePrivate::ResetOperation(0)

In the past, serving over TLS 1.2, transfers ran smoothly and flawlessly, but since OpenSSL updated to 1.1.1, TLS errors are being received by FileZilla.

What could we do to disable TLS 1.3 temporarily, as long as server implementations suck?
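
Added example, not part of the original posts: a Python sketch that splits a FileZilla debug log like the one above into per-transfer records and flags TLS 1.3 data connections where the client called `Shutdown()` before any NEW SESSION TICKET was processed and the server then answered with a 4xx reply, which is the pattern visible in the failing STOR attempts in the trace. The sample log is constructed, and the function names and the set of data commands are assumptions of this example.

```python
import re

COMMAND_LABELS = {"Command", "Befehl"}    # English and German client locales
RESPONSE_LABELS = {"Response", "Antwort"}
DATA_COMMANDS = {"STOR", "APPE", "RETR", "LIST", "MLSD", "NLST"}  # assumed set

# Constructed sample, condensed to the line shapes seen in the trace above.
SAMPLE_LOG = """\
Befehl:\tPASV
Antwort:\t227 Entering Passive Mode (192,0,2,10,39,116).
Befehl:\tSTOR test.file
Antwort:\t150 Ok to send data.
Trace:\tTLS handshake: Received HELLO RETRY REQUEST
Trace:\tTLS Session resumed
Trace:\tProtocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:\tCTlsSocketImpl::Shutdown()
Antwort:\t426 Failure reading network stream.
Befehl:\tLIST
Antwort:\t150 Here comes the directory listing.
Trace:\tTLS Session resumed
Trace:\tProtocol: TLS1.3, Key exchange: ECDHE-PSK, Cipher: AES-256-GCM, MAC: AEAD
Trace:\tTLS handshake: Processed NEW SESSION TICKET
Antwort:\t226 Directory send OK.
Command:\tSTOR other.file
Response:\t150 Ok to send data.
Trace:\tProtocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
Trace:\tCTlsSocketImpl::Shutdown()
Response:\t226 Transfer complete.
"""


def parse_transfers(log_text):
    """Return one record per command that opens a data connection."""
    transfers, cur = [], None
    for raw in log_text.splitlines():
        label, sep, msg = raw.partition(":")
        if not sep:
            continue
        label, msg = label.strip(), msg.strip()
        if label in COMMAND_LABELS:
            if msg.split(" ", 1)[0].upper() in DATA_COMMANDS:
                cur = {"command": msg, "protocol": None, "resumed": False,
                       "hello_retry": False, "ticket_read": False,
                       "shutdown_before_ticket": False, "reply": None}
                transfers.append(cur)
        elif cur is None:
            continue  # e.g. the 227 reply to PASV, before any data command
        elif label in RESPONSE_LABELS:
            m = re.match(r"(\d{3})(?:\s|$)", msg)
            if m and int(m.group(1)) >= 200:  # 1xx replies are preliminary
                cur["reply"] = int(m.group(1))
                cur = None
        elif label == "Trace":
            proto = re.match(r"Protocol: ([^,]+)", msg)
            if proto:
                cur["protocol"] = proto.group(1)
            elif msg == "TLS Session resumed":
                cur["resumed"] = True
            elif "Received HELLO RETRY REQUEST" in msg:
                cur["hello_retry"] = True
            elif "Processed NEW SESSION TICKET" in msg:
                cur["ticket_read"] = True
            elif "CTlsSocketImpl::Shutdown()" in msg and not cur["ticket_read"]:
                cur["shutdown_before_ticket"] = True
    return transfers


def flag_failed_tls13(transfers):
    """TLS 1.3 transfers closed before a ticket was read that ended in 4xx/5xx."""
    return [t for t in transfers
            if t["protocol"] == "TLS1.3" and t["shutdown_before_ticket"]
            and t["reply"] is not None and t["reply"] >= 400]


if __name__ == "__main__":
    for t in flag_failed_tls13(parse_transfers(SAMPLE_LOG)):
        print(f'{t["command"]}: reply {t["reply"]}, resumed={t["resumed"]}, '
              f'hello_retry={t["hello_retry"]}')
```
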

sudoranger
503 Bad sequence of commands
Posts: 21
Joined: 2019-01-27 06:33
First name: Sudo
Last name: Ranger

Re: TLS 1.3 woes

#4 Post by sudoranger » 2019-07-12 02:57

hnrk wrote:
2019-03-07 16:22
Facing the same issue here. FileZilla can connect to vsftpd 3.0.3, and most of the time the first one or two file transfers succeed, but then I receive the same errors as the thread starter.

In the past, serving over TLS 1.2, transfers ran smoothly and flawlessly, but since OpenSSL updated to 1.1.1, TLS errors are being received by FileZilla.

What could we do to disable TLS 1.3 temporarily, as long as server implementations suck?

Hello there, if I'm not mistaken, I read somewhere in the forum that botg or boco mentioned that FZ is not using OpenSSL but rather GNUTLS or something like that. What OS are you using, anyway? This might be some old dependencies problem too; try upgrading those, or find the root cause first and try to tackle it from there.

boco
Contributor
Posts: 24685
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS 1.3 woes

#5 Post by boco » 2019-07-13 00:05

The OpenSSL dependency is with server implementations, nothing to do with FileZilla (which definitely uses GnuTLS).

The server code does not know and thus is not aware of the TLS 1.3 implementation. It still assumes the highest available TLS version is 1.2 and simply advertises the highest it can find in the library. As a result, FileZilla and the server agree on that encryption version. Downgrades to lower versions are not supported (POODLE).

The server project will eventually update and offer true TLS 1.3 support. But, let's face it - given how eager many hosters are for updating their software implementation, we'll have much fun for the years to come. Some aren't even offering FTP over TLS at all, in 2019. Abandon all hope...
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###
