FileZilla Forums

Posting this here because I ran into this problem and started by searching here but had no luck.

After upgrading to 3.45.1, I could no longer connect to my pure-ftpd server with filezilla because it failed after an AUTH command:
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Disconnected from server: ECONNABORTED - Connection aborted

Other clients seemed to work fine, though. As suggested by the sticky, it was a server problem. I just had a hell of a time finding what it was. The issue is a bug with pure-ftpd 1.0.46 and OpenSSL 1.1.1, which are the latest packages on Ubuntu 18.04
See: https://bugs.launchpad.net/ubuntu/+sour ... g/1832998/
and a fix: https://bugs.launchpad.net/ubuntu/+sour ... comments/8

Hopefully this helps someone!

Well, I see, the TLS 1.3 problem still hasn't been fixed...

Or rather, it has been fixed, but not backported to older distros.

It is end of March 2020 and still the same problem. TLS 1.3 fallback server does not properly respond to FileZilla FTP client, so it does not establish connection with TLS 1.2.
I know FileZilla CLIENT is trying to strictly follow connection closing on both ends, but may I ask for REAL LIFE IMPLEMENTATION of some workaround, which would make FileZilla usable again?

Without such solution we'll be stuck at FileZilla versions prior to 3.39 or forced to use other FTP clients, because most of FTP client users do not have access to FTP servers. I think it is easier for FileZilla project to loosen up those strict policy a bit just to conform with real life situation, than to wait for FTP server developers to change the way server talks to clients.
Hope this makes sense.

May we expect some workaround or solution in near future?

TLS 1.3 fallback server does not properly respond to FileZilla FTP client, so it does not establish connection with TLS 1.2.

The problem is that these servers advertise a TLS version they do not support.

I know FileZilla CLIENT is trying to strictly follow connection closing on both ends, but may I ask for REAL LIFE IMPLEMENTATION of some workaround, which would make FileZilla usable again?

Nope. Security allows no compromises of any kind. Falling back to any lower TLS version is explicitly NOT allowed, to prevent downgrade attacks (like with the POODLE attack).

I think it is easier for FileZilla project to loosen up those strict policy a bit just to conform with real life situation, than to wait for FTP server developers to change the way server talks to clients.

If you expect FileZilla to relax anything security-related, I'm sorry, you are out of luck here. The FileZilla dev explicitly stated multiple times that security will NEVER be relaxed, only tightened.

Hope this makes sense.

Nope. Inconvenience is always better as insecurity, sorry. If these servers did not advertise TLS 1.3 in the first place, everything would be good.

May we expect some workaround or solution in near future?

One and only solution: Have the server fixed. Sorry if you don't like that.

Makes sense, your answers, I guess.
So I investigated and found easy solution which works on my Ubuntu 18.04 server:
https://bugs.launchpad.net/ubuntu/+sour ... comments/8

Looks lke nothing is broken, all works fine.