Error GnuTLS -89 while ftpes:// connection

Posted: 2020-04-23 18:20
by gaba
Hi!

After the last update to version 3.47.2.1 on Debian Buster
(same as 3.48.0-rc1)
I got an error during the ftpes connection:

220 Welcome to FTP.
CFtpLogonOpData::ParseResponse() in state 1
CControlSocket::SendNextCommand()
CFtpLogonOpData::Send() in state 2
AUTH TLS
CFtpControlSocket::OnReceive()
234 Proceed with negotiation.
CFtpLogonOpData::ParseResponse() in state 2
Инициализирую TLS...
tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received SERVER HELLO
TLS handshake: Processed SERVER HELLO
TLS handshake: Received CERTIFICATE
TLS handshake: Processed CERTIFICATE
TLS handshake: Received SERVER KEY EXCHANGE
TLS handshake: Processed SERVER KEY EXCHANGE
tls_layer_impl::failure(-89)
Ошибка:	Ошибка GnuTLS -89: Public key signature verification has failed.
Статус:	Не удалось установить соединение с "ECONNABORTED - Соединение прервано".
CRealControlSocket::OnSocketError(103)
CRealControlSocket::DoClose(66)
CControlSocket::DoClose(66)
CFtpControlSocket::ResetOperation(66)
CControlSocket::ResetOperation(66)
CFtpLogonOpData::Reset(66) in state 4

Previous versions of FileZilla work fine: 3.44 or 3.45

My system:
Debian Buster 5.4.0-0.bpo.4-amd64
GnuTLS 3.6.7-4+deb10u3

Remote server: vsftpd 3.0.3

How to fix this error?

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-04-24 08:48
by botg
Most likely something is wrong with the server's TLS configuration. What is the server's address?

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-04-24 14:30
by gaba
botg wrote (2020-04-24 08:48):
Most likely something is wrong with the server's TLS configuration. What is the server's address?

Previous versions of FileZilla work fine: 3.44 or 3.45

Now checked version 3.39 from Debian Buster - works fine.

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-04-24 15:00
by botg
The different client version is most likely just the trigger, not the cause.

What is the server's address?

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-05-07 14:27
by gaba
I tried on 2 servers.

First server (Gentoo Linux, vsftpd 3.0.3):

tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received SERVER HELLO
TLS handshake: Processed SERVER HELLO
TLS handshake: Received CERTIFICATE
TLS handshake: Processed CERTIFICATE
TLS handshake: Received SERVER KEY EXCHANGE
TLS handshake: Processed SERVER KEY EXCHANGE
tls_layer_impl::failure(-89)
Ошибка:	Ошибка GnuTLS -89: Public key signature verification has failed.

Second (Debian 9, vsftpd 3.0.3):

tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received HELLO RETRY REQUEST
TLS handshake: Processed HELLO RETRY REQUEST
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::failure(-12)
Ошибка:	От сервера получено TLS оповещение: Illegal parameter (47)

On the client: Debian Buster, FileZilla 3.48.0

The previous version works fine (3.46.3).

If these errors are related to the use of TLSv1.1 and TLSv1.2, note that this patch is not applied in the current version of vsftpd on Debian (Ubuntu, etc.).
https://serverfault.com/questions/99623 ... sl-tlsv1-1
https://bugs.launchpad.net/ubuntu/+sour ... ug/1804430
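
Added example, not part of the original posts and not FileZilla code: a small Python summarizer for the handshake lines of a FileZilla debug log like the two above, reporting the last handshake message seen, the GnuTLS failure code and any alert text. The sample logs are constructed by condensing the posted ones; the function name summarize and its output keys are assumptions.

```python
import re

# Constructed samples, condensed from the two debug logs quoted in the post above.
LOG_SERVER_1 = """\
TLS handshake: Sent CLIENT HELLO
TLS handshake: Received SERVER HELLO
TLS handshake: Processed SERVER HELLO
TLS handshake: Received CERTIFICATE
TLS handshake: Processed CERTIFICATE
TLS handshake: Received SERVER KEY EXCHANGE
TLS handshake: Processed SERVER KEY EXCHANGE
tls_layer_impl::failure(-89)
"""
LOG_SERVER_2 = """\
TLS handshake: Sent CLIENT HELLO
TLS handshake: Received HELLO RETRY REQUEST
TLS handshake: Processed HELLO RETRY REQUEST
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::failure(-12)
Ошибка:\tОт сервера получено TLS оповещение: Illegal parameter (47)
"""

STEP = re.compile(r"TLS handshake: (Sent|Received|Processed) (.+)")
FAIL = re.compile(r"tls_layer_impl::failure\((-?\d+)\)")
ALERT = re.compile(r":\s*([A-Za-z ]+) \((\d+)\)\s*$")
# Messages that exist in only one protocol generation reveal what was negotiated:
# ServerKeyExchange was removed in TLS 1.3, HelloRetryRequest was added by it.
VERSION_HINT = {"SERVER KEY EXCHANGE": "TLS 1.2 or earlier",
                "HELLO RETRY REQUEST": "TLS 1.3"}

def summarize(log):
    """Report where a handshake in a FileZilla debug log stopped, and why."""
    out = {"client_hellos": 0, "last_step": None, "version_hint": None,
           "gnutls_code": None, "alert": None}
    for line in log.splitlines():
        if m := STEP.search(line):
            verb, msg = m.group(1), m.group(2).strip()
            out["last_step"] = f"{verb} {msg}"
            out["client_hellos"] += (verb, msg) == ("Sent", "CLIENT HELLO")
            out["version_hint"] = VERSION_HINT.get(msg, out["version_hint"])
        elif m := FAIL.search(line):
            out["gnutls_code"] = int(m.group(1))
        elif out["gnutls_code"] is not None and (m := ALERT.search(line)):
            out["alert"] = (m.group(1), int(m.group(2)))
    return out

if __name__ == "__main__":
    for name, log in (("server 1", LOG_SERVER_1), ("server 2", LOG_SERVER_2)):
        print(name, summarize(log))
```

For the two samples this separates a client-side signature check failing right after SERVER KEY EXCHANGE from a server-sent alert arriving after the second CLIENT HELLO.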

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-05-08 07:13
by botg
What are the server addresses? Without stepping through the handshake this is impossible to diagnose.

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-06-23 18:22
by gaba
Check
5.135.156.19
51.75.74.153

Now when I connect I get the error: Illegal parameter (47)
I tried FileZilla 3.48.1 on Debian Buster and the latest Arch.

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-06-24 07:56
by botg
If it exists on your system, what are the contents of the file /etc/gnutls/config ?

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-06-26 07:22
by gaba
No, not found on all systems.

Re: Error GnuTLS -89 while ftpes:// connection

Posted: 2020-06-26 09:40
by botg
Could it possibly be a faulty firewall or other TLS inspecting/breaking middleware that cannot handle something in the handshake?