GnuTLS error -344

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
pjacobs
500 Command not understood
Posts: 3
Joined: 2023-02-24 23:32
First name: Paul
Last name: Jacobs

GnuTLS error -344

#1 Post by pjacobs » 2023-02-25 00:17

Hi,

I need some help. I recently set up my server for FTP for TLS. Checking via the site at https://ftptest.net is successful. The last few result lines are listed below. The problem is that the latest FileZilla client (v 3.63.1 (both Windows and Linux)) won't connect properly, results are farther below. The current Linux version of FileZilla (v 3.49.1) from EPEL does work correctly as well as WinSCP and CrossFTP. Any help would be appreciated.

Thanks, Paul

======
ftptest.net results
======
Command: PASV
Reply: 227 Entering Passive Mode (*,*,*,*,*,*)
Command: LIST
Status: Data connection established, performing TLS handshake...
Reply: 150 Opening ASCII mode data connection for file list
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=US,ST=Idaho,O=Optimal Solutions Software\5c, LLC,CN=*.gosculptor.com' issuer='C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Organization Validation Secure Server CA'
Status: TLS session of transfer connection has been resumed.
Listing: drwxr-xr-x 2 apache apache 6 Feb 21 16:39 from_oss
Listing: drwxr-xr-x 2 apache apache 6 Feb 21 16:39 from_pjacobs_test
Listing: dr-xr-xr-x 3 apache apache 26 Jan 7 21:33 sculptor_release
Reply: 226 Transfer complete.
Status: Success
======

FileZilla Results
======
Status: Connection established, waiting for welcome message...
Response: 220 ********************** FTP Server (Apache) ready.
Command: AUTH TLS
Response: 234 Security exchange completed
Status: Initializing TLS...
Error: GnuTLS error -344: No common application protocol could be negotiated.
Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
Error: Could not connect to server
======

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTLS error -344

#2 Post by botg » 2023-02-27 10:16

This is a server-side issue. The FTP server has an incorrect protocol set in its ALPN configuration.

Looks like I need to improve https://ftptest.net/ to catch this server-side error as well.

pjacobs
500 Command not understood
Posts: 3
Joined: 2023-02-24 23:32
First name: Paul
Last name: Jacobs

Re: GnuTLS error -344

#3 Post by pjacobs » 2023-03-18 19:38

Tim,

Thanks for your reply. In trying to change he ALPN configuration, I tried various combinations of SSLProtocol and SSLCipherSuite settings in my Apache configuration. I still can get the latest version of FileZilla to connect. I've attached a snapshot of the Certificate dialog for the Linux version of FileZilla 3.49.1. This version seems to work perfectly with the current configuration. Other than changing the SSLProtocol and SSLCipherSuite configurations, I not sure what else I need to change to get the latest version of FileZilla to connect. Any additional advice would be appreciated. Thanks!

Best regards,
Paul
Attachments
FileZilla-3.49.1.png
FileZilla-3.49.1.png (60.46 KiB) Viewed 1903 times

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTLS error -344

#4 Post by botg » 2023-03-19 09:22

The old version does not work perfectly, it lacks an important security mechanism.

Assuming that you are using Apache mod_ftp as the server, it does not appear that your FTP server's ALPN can even be configured. You instead need to contact the server developers so that the missing functionality can be implemented in the first place.

pjacobs
500 Command not understood
Posts: 3
Joined: 2023-02-24 23:32
First name: Paul
Last name: Jacobs

Re: GnuTLS error -344

#5 Post by pjacobs » 2023-03-20 01:24

Tim,

Thanks again for the reply and the insight. You are correct, I have been using Apache's mod_ftp. Guess I'll start looking for a different FTP server solution.

Paul

Post Reply