Can't connect with TLS/SSL in version 3.1.0

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
whale
500 Syntax error
Posts: 16
Joined: 2008-07-24 03:22
First name: Franklin
Last name: Tse

Re: Can't connect with TLS/SSL in version 3.1.0

#46 Post by whale » 2008-07-31 08:33

That means Filezilla breaks its compatibility with FTP Server using CryptoAPI, including Microsoft IIS7 FTP."
Doesn't seem to be true. I can use FileZilla to connect with a FTP 7 for IIS 7 server via AUTH TLS successfully.

By the way, the issue will be fixed in the next version of Xlight FTP Server:
http://www.xlightftpd.com/forum/viewtopic.php?t=971

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#47 Post by botg » 2008-07-31 09:37

Since I have no account on their forums, I'll reply here to something one of their devs said:
close_notify
This message notifies the recipient that the sender will not send
any more messages on this connection. Note that as of TLS 1.1,
failure to properly close a connection no longer requires that a
session not be resumed. This is a change from TLS 1.0 to conform
with widespread implementation practice.
Resuming an interrupted session and shutting down a session are two completely different things, don't confuse them. This particular change allows reconnecting to the server and resuming the connection should it have been disrupted (e.g. temporary network outage). Note that it does require further application support for this and is not supported by FTP.

chromoplastic
500 Syntax error
Posts: 13
Joined: 2006-09-22 02:45

Re: Can't connect with TLS/SSL in version 3.1.0

#48 Post by chromoplastic » 2008-08-01 03:45

I there,

Since i started this thread many of us discovered that a lot of ftp servers have this TSL/SSL problem.

I can now say that the server in question in my case (Gene6) was upgraded to version 3.10.0 (Build 2) and now has no problem with FZ 3.1.0.1. All is well now.

But i have to say that this problem highlighted another question. As i understand, FZ developers are trying to build a strict standards compliant ftp client and this is good, but as less aware people upgrade to the new versions of FZ and bump on this problem, they will blame it on FZ rather than the flawed ftp server, just as i and others did at first. And as this users try other ftp clients that go around this problem the perception that FZ is the bad client stays, so this will hurt FZ in the end.

Nonetheless i'm happy that there's one less flawed ftp server out there, and that i can continue to use the latest versions of FZ, but i suggest that you shouldn't be so strict in this matter and implement a "relaxed" option somewhere in FZ's settings.

Keep up the good work.

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#49 Post by botg » 2008-08-01 08:32

Guess I should have made the log line that reads "Server did not properly shut down TLS connection" bold, underlined, font size 72 and blinking, full-screen of course.

User avatar
boco
Contributor
Posts: 24544
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't connect with TLS/SSL in version 3.1.0

#50 Post by boco » 2008-08-02 05:15

botg wrote:Guess I should have made the log line that reads "Server did not properly shut down TLS connection" bold, underlined, font size 72 and blinking, full-screen of course.
Make it the default desktop wallpaper.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Zuul24
500 Command not understood
Posts: 4
Joined: 2008-08-02 21:26
First name: Chas
Last name: Stokes

Re: Can't connect with TLS/SSL in version 3.1.0

#51 Post by Zuul24 » 2008-08-02 21:48

I am afraid I will have to stay downgraded also for the time being.

I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.

Until Serv-U corrects the problem on their side, I am pretty much stuck like the rest as I am not changing my FTP server software after using the same one since almost version 1.

Chas

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#52 Post by botg » 2008-08-02 22:10

I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.
Did you know that all proxy settings that were available in 2.x are completely back in 3.1.0.1?

Zuul24
500 Command not understood
Posts: 4
Joined: 2008-08-02 21:26
First name: Chas
Last name: Stokes

Re: Can't connect with TLS/SSL in version 3.1.0

#53 Post by Zuul24 » 2008-08-02 23:28

botg wrote:
I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.
Did you know that all proxy settings that were available in 2.x are completely back in 3.1.0.1?
No, I didn't. And that is great. I didn't have it on here long enough to see it.

I just can't update until a few of the FTP sites I use update their servers but I will definitely check that out.

Chas

Tazawa
500 Command not understood
Posts: 2
Joined: 2008-08-05 09:11
First name: Kun
Last name: Tazawa

Re: Can't connect with TLS/SSL in version 3.1.0

#54 Post by Tazawa » 2008-08-05 09:29

Hi, I also have faced the case ``Can't connect with TLS/SSL in version 3.1.0''. I use version 2 which can connect my FTP/SSL (explicit) server.

Then, I noticed difference of ver.2 and ver.3. In the ver.2, Filezilla connects the server by `ascii mode' for LIST command. I don't know exactly why, but in the ver3, it connects by `binary mode'. I guess that the mode is cause that Filezilla3 could not connect a TSL/SSL server and could not take directry list.

Is there a way of change the mode for sending command ? Maybe, if the mode was turn to ascii, then Filezilla could connect the server, I think.

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#55 Post by botg » 2008-08-05 10:05

That has absolutely nothing to do with it.

HaveBlue
500 Command not understood
Posts: 3
Joined: 2008-09-11 08:44
First name: Henk-Jan
Last name: Withaar

Re: Can't connect with TLS/SSL in version 3.1.0

#56 Post by HaveBlue » 2008-09-11 09:03

I seem to have a similar problem with FileZilla server 0.9.27 and client version 3.1.2 (client version 3.0.11.1 does not reproduce the problem). I can login and browse the server using SSL/TLS just fine. However, there is one directory which gives:

Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
"

Does this imply that FileZilla server 0.9.27 has the same fault as the aformementioned FTP-servers?

da chicken
226 Transfer OK
Posts: 619
Joined: 2005-11-02 06:41

Re: Can't connect with TLS/SSL in version 3.1.0

#57 Post by da chicken » 2008-09-11 19:33

That bug was supposed to be fixed in 0.9.27.

Is there anything unusual about that directory or it's contents?

jmoreno
500 Command not understood
Posts: 1
Joined: 2008-09-11 19:05
First name: Julio
Last name: Moreno

Re: Can't connect with TLS/SSL in version 3.1.0

#58 Post by jmoreno » 2008-09-11 19:38

I have the same problem with FTPES.
Versions 3.0.x and bellow works fine, but it does't with versions 3.1.x and above...
My server is RHEL4.0 with vsftpd.
I guess if it's possible to put some checkbox in the connection's configuration to override the TLS shutdown check, maybe with a legend "Use at your own risk", or something.
I am a FileZilla's fanatic but I am now recomending my customers get some earlier versions of FileZilla and encourage to "DON'T TRY TO UPGRADE IT" or just get another ftp's client software that supports FTP w/TLS.
I think that there is too many people (and servers as well) with the same kind of problem to just ignore it.

HaveBlue
500 Command not understood
Posts: 3
Joined: 2008-09-11 08:44
First name: Henk-Jan
Last name: Withaar

Re: Can't connect with TLS/SSL in version 3.1.0

#59 Post by HaveBlue » 2008-09-11 19:56

da chicken wrote:That bug was supposed to be fixed in 0.9.27.

Is there anything unusual about that directory or it's contents?
Nothing special. Only thing setting it apart from other directories is that it contains solely DVD9 ISO images. I can not in any way link this to the weird SSL/TLS behaviour though? Windows file permissions are inherited from the toplevel directory so this should not pose any problems?

Strange thing is that earlier versions of the client don't reproduce this behaviour.

blaforce
500 Command not understood
Posts: 1
Joined: 2008-09-18 21:39
First name: Brian
Last name: LaForce

Re: Can't connect with TLS/SSL in version 3.1.0

#60 Post by blaforce » 2008-09-18 22:11

Thought I would add a note from the Server Admin side. We are a very limited staff and therefore our Linux server is not up to date. The website was created by another department who did it on their own though a 3rd Party hosting service without Information Systems support. There is just no way to update the Linux server at this time. The vsftpd upgrade will not work with our current version of Fedora. The dependencies are not there.

From a programmer's point of view: I would have added a checkbox to allow or disallow TLS closure.

The software is freeware so I am not complaining. We will just have our people go back to the prior version. No big deal.

Post Reply