Server did not properly shut down TLS connection
Moderator: Project members
-
- 500 Command not understood
- Posts: 2
- Joined: 2008-07-30 17:13
- First name: Sohi
- Last name: Rashed
Server did not properly shut down TLS connection
Hi,
I am getting an error saying that "Server did not properly shut down TLS connection" when I try to connect to a secure server.
after that I get the following lines:
Could not read from transfer socket: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
Error: Connection closed by server
Can anybody help me figure out what is wrong.
Thanks,
Sohi.
I am getting an error saying that "Server did not properly shut down TLS connection" when I try to connect to a secure server.
after that I get the following lines:
Could not read from transfer socket: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
Error: Connection closed by server
Can anybody help me figure out what is wrong.
Thanks,
Sohi.
Re: Server did not properly shut down TLS connection
You need to upgrade to a better server. Like for example FileZilla Server 0.9.27 or vsftpd 2.0.7, those are known to perform the mandatory SSL/TLS shutdown as required by the specifications.
Re: Server did not properly shut down TLS connection
We are having the same problem but only with the Filezilla client on a linux box.
We are running vsftpd 2.0.5 on Debian Linux using secure SSL in passive mode.
We have multiple clients on both windows and linux boxes connecting to this server without any problem, they receive no errors.
This includes the FileZilla client on a windows box (it connects wtihout a problem).
The only client that fails and receives the "Server did not properly shutdown TLS connection" is the FileZilla client on a Linux box.
We are using Filezilla 3.1.3 on a Debian Linux when this failure occures.
It seems to us if this were a server issue it would fail for all clients and not just the Filezilla/Linux client.
We are running vsftpd 2.0.5 on Debian Linux using secure SSL in passive mode.
We have multiple clients on both windows and linux boxes connecting to this server without any problem, they receive no errors.
This includes the FileZilla client on a windows box (it connects wtihout a problem).
The only client that fails and receives the "Server did not properly shutdown TLS connection" is the FileZilla client on a Linux box.
We are using Filezilla 3.1.3 on a Debian Linux when this failure occures.
It seems to us if this were a server issue it would fail for all clients and not just the Filezilla/Linux client.
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Server did not properly shut down TLS connection
Vsftpd prior to 2.0.7 will not properly shutdown TLS connections. FileZilla clients version 3.1.0.1 and later will issue a fatal error due to potential security issues with this bug. The changelog is still advertising the fix on the main page: http://vsftpd.beasts.org/.
You'll need to either push the Debian package maintainers to backport the patch in 2.0.7 or build 2.0.7 from the tarball source.
Ubuntu people having the same problem:
http://ubuntuforums.org/showthread.php?t=880724
I don't entirely agree with the solution provided there (it strikes me as a bit too kludgey to use make and not make install) but it would work.
You'll need to either push the Debian package maintainers to backport the patch in 2.0.7 or build 2.0.7 from the tarball source.
Ubuntu people having the same problem:
http://ubuntuforums.org/showthread.php?t=880724
I don't entirely agree with the solution provided there (it strikes me as a bit too kludgey to use make and not make install) but it would work.
-
- 500 Command not understood
- Posts: 1
- Joined: 2008-10-15 11:02
- First name: Daniel
- Last name: Ang
Re: Server did not properly shut down TLS connection
Hi:
I'm getting the same problem. I'm running Filezilla 3.1.3.1 on MacOS 10.5.5.
The ftp server is ran under Linux Debian, Proftpd 1.2.10.
I used to be able to log in using TLS/SSL on older version of Filezillas on my Mac, but not now. However i still can log in using normal FTP instead of FTPES.
I have another client running Kubuntu, no problem logging in using Filezilla FTPES mode.
Is this a server or client side problem?
Log:
Status: Disconnected from server
Status: Resolving address of x
Status: Connecting to x...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (Audittv (Singnet 1)) [119.73.142.192]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER daniel
Status: TLS/SSL connection established.
Response: 331 Password required for x.
Command: PASS ********
Response: 230 User daniel logged in.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (x,239,111).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete.
Error: Failed to retrieve directory listing
I'm getting the same problem. I'm running Filezilla 3.1.3.1 on MacOS 10.5.5.
The ftp server is ran under Linux Debian, Proftpd 1.2.10.
I used to be able to log in using TLS/SSL on older version of Filezillas on my Mac, but not now. However i still can log in using normal FTP instead of FTPES.
I have another client running Kubuntu, no problem logging in using Filezilla FTPES mode.
Is this a server or client side problem?
Log:
Status: Disconnected from server
Status: Resolving address of x
Status: Connecting to x...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (Audittv (Singnet 1)) [119.73.142.192]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER daniel
Status: TLS/SSL connection established.
Response: 331 Password required for x.
Command: PASS ********
Response: 230 User daniel logged in.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (x,239,111).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete.
Error: Failed to retrieve directory listing
Re: Server did not properly shut down TLS connection
It's lack of reading comprehension on your part. This question has been answered before in this very thread.Is this a server or client side problem?
-
- 500 Command not understood
- Posts: 1
- Joined: 2008-10-28 00:11
- First name: Robert
- Last name: Johnson
Re: Server did not properly shut down TLS connection
Nice dick response , great support.It's lack of reading comprehension on your part
Re: Server did not properly shut down TLS connection
Thanks for appreciating my support. However I'm not Richard, I'm Tim.RobertMJ wrote:Nice dick response , great support.
-
- 500 Command not understood
- Posts: 1
- Joined: 2009-04-27 15:22
- First name: Angel
- Last name: Anichin
Re: Server did not properly shut down TLS connection
Is there a way to make FileZilla ignore this bug on the server ?
I am using FileZilla to connect to a server which I have no control over. I am uploading files, not downloading and I would like to use my favourite ftp client. Do not want to install CuteFTP or anything else. What can I do ?
I am using FileZilla to connect to a server which I have no control over. I am uploading files, not downloading and I would like to use my favourite ftp client. Do not want to install CuteFTP or anything else. What can I do ?
Re: Server did not properly shut down TLS connection
No, because it's a security vulnerability.
Re: Server did not properly shut down TLS connection
You need to compile FileZilla yourself, with a switch to get rid of this "great security feature".
For me it is simple: i just don't use FileZilla 3.x but the much better program "<vulnerable program>".
For me it is simple: i just don't use FileZilla 3.x but the much better program "<vulnerable program>".
Re: Server did not properly shut down TLS connection
Have fun using vulnerable software. People like you are the reason why malware is spreading so fast.