
GnuTLS error -344

Posted: 2023-02-25 00:17
by pjacobs
Hi,

I need some help. I recently set up my server for FTP over TLS. Checking via the site at https://ftptest.net is successful. The last few result lines are listed below. The problem is that the latest FileZilla client (v 3.63.1, both Windows and Linux) won't connect properly; the results are farther below. The current Linux version of FileZilla (v 3.49.1) from EPEL does work correctly, as do WinSCP and CrossFTP. Any help would be appreciated.

Thanks, Paul

======
ftptest.net results
======
Command: PASV
Reply: 227 Entering Passive Mode (*,*,*,*,*,*)
Command: LIST
Status: Data connection established, performing TLS handshake...
Reply: 150 Opening ASCII mode data connection for file list
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=US,ST=Idaho,O=Optimal Solutions Software\5c, LLC,CN=*.gosculptor.com' issuer='C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Organization Validation Secure Server CA'
Status: TLS session of transfer connection has been resumed.
Listing: drwxr-xr-x 2 apache apache 6 Feb 21 16:39 from_oss
Listing: drwxr-xr-x 2 apache apache 6 Feb 21 16:39 from_pjacobs_test
Listing: dr-xr-xr-x 3 apache apache 26 Jan 7 21:33 sculptor_release
Reply: 226 Transfer complete.
Status: Success
======

FileZilla Results
======
Status: Connection established, waiting for welcome message...
Response: 220 ********************** FTP Server (Apache) ready.
Command: AUTH TLS
Response: 234 Security exchange completed
Status: Initializing TLS...
Error: GnuTLS error -344: No common application protocol could be negotiated.
Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
Error: Could not connect to server
======

Re: GnuTLS error -344

Posted: 2023-02-27 10:16
by botg
This is a server-side issue. The FTP server has an incorrect protocol set in its ALPN configuration.

Looks like I need to improve https://ftptest.net/ to catch this server-side error as well.
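
A way to confirm from the client side that a failure like this is ALPN-specific, as an added example that is not part of the original thread or of FileZilla's code: it issues `AUTH TLS` twice, once offering ALPN and once without, and compares the two handshakes. It assumes the client offers the IANA-registered `ftp` ALPN identifier; the function names and verdict strings are hypothetical.

```python
import socket
import ssl
import sys

FTP_ALPN = "ftp"  # IANA-registered ALPN ID for FTP (assumed to be what the client offers)


def read_reply(sock):
    """Read one FTP reply (single- or multi-line) and return its 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed before a complete reply")
        buf += chunk
        last = buf.split(b"\r\n")[-2] if buf.endswith(b"\r\n") else b""
        # The final line of a reply is "NNN <text>"; "NNN-" means more lines follow.
        if last[:3].isdigit() and last[3:4] in (b" ", b""):
            return last[:3].decode()


def handshake(host, port, alpn, timeout=10):
    """AUTH TLS, then a TLS handshake. Returns ("ok", selected_alpn) or ("fail", reason)."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay enabled
    if alpn:
        ctx.set_alpn_protocols(alpn)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            if read_reply(raw) != "220":
                return ("fail", "no 220 greeting")
            raw.sendall(b"AUTH TLS\r\n")
            if read_reply(raw) != "234":
                return ("fail", "AUTH TLS not accepted")
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("ok", tls.selected_alpn_protocol())
    except OSError as exc:  # ssl.SSLError and ConnectionError are subclasses
        return ("fail", str(exc))


def diagnose(with_alpn, without_alpn):
    """Compare the handshake that offers ALPN with the one that does not."""
    if with_alpn[0] == "ok":
        return "alpn-ok" if with_alpn[1] == FTP_ALPN else "alpn-ignored"
    if without_alpn[0] == "ok":
        return "alpn-broken"  # only the ALPN-offering handshake fails
    return "tls-broken"       # fails either way: not an ALPN-specific problem


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 21
    a, b = handshake(host, port, [FTP_ALPN]), handshake(host, port, None)
    print("with ALPN:", a, "\nwithout ALPN:", b, "\nverdict:", diagnose(a, b))
```

Run it as a script with the server's hostname and, optionally, the control port. A verdict of `alpn-broken` corresponds to the pattern in this thread, where a client that offers ALPN fails and one that does not connects.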

Re: GnuTLS error -344

Posted: 2023-03-18 19:38
by pjacobs
Tim,

Thanks for your reply. In trying to change the ALPN configuration, I tried various combinations of SSLProtocol and SSLCipherSuite settings in my Apache configuration. I still can get the latest version of FileZilla to connect. I've attached a snapshot of the Certificate dialog for the Linux version of FileZilla 3.49.1. This version seems to work perfectly with the current configuration. Other than changing the SSLProtocol and SSLCipherSuite configurations, I'm not sure what else I need to change to get the latest version of FileZilla to connect. Any additional advice would be appreciated. Thanks!

Best regards,
Paul

Re: GnuTLS error -344

Posted: 2023-03-19 09:22
by botg
The old version does not work perfectly; it lacks an important security mechanism.

Assuming that you are using Apache mod_ftp as the server, it does not appear that your FTP server's ALPN can even be configured. You instead need to contact the server developers so that the missing functionality can be implemented in the first place.

Re: GnuTLS error -344

Posted: 2023-03-20 01:24
by pjacobs
Tim,

Thanks again for the reply and the insight. You are correct, I have been using Apache's mod_ftp. Guess I'll start looking for a different FTP server solution.

Paul