What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#1 Post by anonhuman » 2019-05-20 17:14

Hi All,

Evidently, the "Connection terminated without SSL shutdown - buggy client" issue is still ongoing even in 2019. I get this message when connecting to my VSFTPD server on an Ubuntu 14.04 x64 server. I even have the following setting in my vsftpd.conf (as mentioned here https://github.com/bentonstark/starksof ... /issues/29):

Code: Select all

require_ssl_reuse=NO
The problem seems to happen after a period of inactivity. When I try to change directories after a period of inactivity in FileZilla, FileZilla freezes for a while, eventually disconnects, and then reconnects. However, this process takes so long that I usually just force the reconnection myself (which is much faster). Why does this take so long to happen, and why does it happen in the first place? What is the solution? Is there a setting to increase the timeout inactivity period? Here is what I get from the latest version of FileZilla client (3.42.1):

Code: Select all

Command:	CWD /domain/httpdocs/
Error:	Disconnected from server: ECONNABORTED - Connection aborted
Error:	Failed to retrieve directory listing
Status:	Disconnected from server
VSFTPD log shows:

Code: Select all

DEBUG: Client "IP", "Connection terminated without SSL shutdown - buggy client?"
I'm running VSFTPD version 3.0.2.

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#2 Post by botg » 2019-05-20 20:24

Nothing to fix, just silence the warning. The client is the orchestrator with FTP.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#3 Post by anonhuman » 2019-05-21 17:51

Is there a way to make the reconnect happen faster after a period of inactivity? The client freezes for so long...

As I mentioned, when this happens, it's faster for me to go to the "Site Manager" and connect again as oppose to manually waiting for FileZilla to re-establish the connection. It's too slow here and needs to be optimized, or is there a setting somewhere to make it give up on the connection faster???

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#4 Post by botg » 2019-05-21 20:01

anonhuman wrote:
2019-05-21 17:51
Is there a way to make the reconnect happen faster after a period of inactivity? The client freezes for so long...
Yes, make sure all firewalls and NAT routers sitting between the client and the server adhere to REQ-5 from RFC 5382.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#5 Post by anonhuman » 2019-05-21 20:52

I suppose you can cite RFC's all day long, but really, your client should handle this situation or at least give the end user an option to control it since not everything is going to operate based on recommendations.

I'm a developer as well, and I try to handle as many use-cases as possible... not limit them based on how things should work based on defined recommendations.

I think there should be a timeout period that recycles the connection (closes it), and then if the end user changes directory after the timeout period, it quickly reconnects. Not sure where the long wait time comes from, but it's sad that it's faster to go to the site manager, connect, and abort the old connection as oppose to FileZilla handling this better itself rather than waiting all this time, doing nothing, and finally re-establishing the connection after so long.

User avatar
boco
Contributor
Posts: 26914
Joined: 2006-05-01 03:28
Location: Germany

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#6 Post by boco » 2019-05-21 22:13

RFCs are not recommendations, they are standards, rules how you must implement something. Not complying to standards means you are doing it wrong.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#7 Post by botg » 2019-05-22 07:41

The long wait comes form a faulty firewall or NAT router dropping the connection without telling the client.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#8 Post by anonhuman » 2019-05-22 15:23

I have no control over that. I use ESET Smart Security as the firewall on my Windows PC, and my router runs DDWRT with custom TCP and UDP timeouts. I don't see how that would violate any standards. Plus, the client shouldn't lock up if that happens. It should be smart and figure out that the connection has been closed and re-establish it quicker than me manually having to interrupt whatever it's doing by reconnecting myself manually using the site manager. The lock up is truly unacceptable, and the client performs terribly in this case. I guess FileZilla locking up, waiting forever, and finally doing something is considered normal?

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#9 Post by botg » 2019-05-23 08:56

The client does not lock up.

For FileZilla the connection is still very much alive, it has not been told otherwise. It sends the next command on the way and waits for a reply. Unfortunately this command meets a firewall or NAT router cosplaying as sarlacc.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#10 Post by anonhuman » 2019-05-23 23:47

Couldn't there be a timeout option in FileZilla so that if it doesn't receive a response in a certain amount of time, it aborts the connection it thinks is still live and attempts a reconnect? I mean if data isn't received within about 2-3 seconds of sending a command, something is wrong with the connection. There's no need for it to wait as long as it does.

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#11 Post by botg » 2019-05-24 06:27

Couldn't there be a timeout option in FileZilla so that if it doesn't receive a response in a certain amount of time, it aborts the connection it thinks is still live and attempts a reconnect?
There already is, see first page of the settings dialog.
I mean if data isn't received within about 2-3 seconds of sending a command, something is wrong with the connection. There's no need for it to wait as long as it does.
2-3 seconds? It can take longer than that to spin up a drive literally on the other side of the world.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#12 Post by anonhuman » 2019-05-28 06:01

Disks on my servers are spinning all the time. Considering you can pretty much ping anywhere in the world within 500MS (and that's giving it a lot of leeway), I'd say 3 seconds is plenty. 10 seconds (the lowest I can set in the settings) is way too long. I believe this setting shouldn't have a minimum value requirement .

It would be nice if the settings didn't include things like "A proper server does not require this. Contact the server administrator if you need this." (for FTP Keep-alive) This is purely your opinion, and it's nonsense in my opinion :D. I'll use it so I don't run into this timeout issue and have to wait 10 seconds since I can't set it lower in the UI.

You're very quick to label something as "proper", "improper", "correct", "wrong"... There's always use-cases where these things need to happen. It's arrogant to consider these cases as "improper" or "wrong" when you don't have all of the information you need to make a valid conclusion.

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#13 Post by botg » 2019-05-28 07:49

How many years of experience do you think does someone need before it is not too quick to label things as proper/improper, correct/wrong?

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#14 Post by anonhuman » 2019-05-28 19:11

Just because you have a certain amount of experience doesn't mean you can't learn something new. How many times are "experts" proven wrong about things anyways? I've found that "experts" usually aren't "experts". They just have lots of experience doing something the same way over and over again, but there's many ways to get things done. Even "experts" lack experience elsewhere or can't fathom every possibility as to how their "expert" knowledge can be used. Just when you thought you knew it all, something new pops up and causes you to rethink some of what you thought was right, wrong, proper, or improper.

Anyways, if a connection hasn't sent something within 3 seconds, something is wrong with the connection... no need to wait 10-20 seconds to abort and then reconnect. Internet infrastructures aren't that fragile... not in my part of the world anyways.

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: What is the fix for VSFTPD "Connection terminated without SSL shutdown - buggy client"?

#15 Post by botg » 2019-05-28 21:04

Anyways, if a connection hasn't sent something within 3 seconds, something is wrong with the connection...
[trumpmode]Wrong.[/trumpmode] It's perfectly fine for a connection to not send anything for years. There is not a single RFC that limits the amount of time a connection can stay alive. Quite the opposite, if one cannot determine whether a connection is still alive, RFC 5382 says to err on the side of caution, which is at least 2 hours 4 minutes.

Locked