SSL woes with >= 3.1.0
Posted: 2008-07-29 20:24
Server is ProFTPd 1.3.1 -- everything worked perfectly with FileZilla 3.0.11.1. After upgrading however, when attempting to connect via Explicit TLS/SSL (same settings that worked in the previous version), the following error is observed preventing a directory listing:
Error from 3.1.0
Error from 3.1.0.1
(Initial connection and authentication works fine)
This problem occurs in 3.1.0 as well as 3.1.0.1 and the latest nightly snapshot. I thought perhaps the issue was introduced as a result of the security fix mentioned on the front page, but supposedly this fix wasn't put in place until 3.1.0.1... in any case, the ProFTPd developers do not feel their implemention of TLS/SSL is incorrect (see this thread and this post specifically.
Could a developer here comment? Is this related to the security issue, or perhaps another problem that crept in? In the meantime, we're just telling users to stick with the 3.0.11.1 release which still works fine.
Error from 3.1.0
Code: Select all
Command: PASV
Response: 227 Entering Passive Mode (198,102,62,21,237,197).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete
Error: Failed to retrieve directory listing
Code: Select all
Command: PASV
Response: 227 Entering Passive Mode (198,102,62,21,234,227).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete
Error: Failed to retrieve directory listing
This problem occurs in 3.1.0 as well as 3.1.0.1 and the latest nightly snapshot. I thought perhaps the issue was introduced as a result of the security fix mentioned on the front page, but supposedly this fix wasn't put in place until 3.1.0.1... in any case, the ProFTPd developers do not feel their implemention of TLS/SSL is incorrect (see this thread and this post specifically.
Could a developer here comment? Is this related to the security issue, or perhaps another problem that crept in? In the meantime, we're just telling users to stick with the 3.0.11.1 release which still works fine.