"Server did not properly shut down TLS connection"

#1 Post by jaycent » 2008-07-31 03:36

In regards to http://tools.ietf.org/html/rfc4346#page-27 and http://rfc.net/rfc4217.html#p21

I am just curious to know why you guys chose to cut backwards compatibility instead of simply warning the user that it was out of spec?

You guys need to realize how big your FTP client is. I know this product is a labor of love for you guys and it shows; you guys made a decent product that gets the job done and it's free. Therefore, there's a ton of people that are going to use it and you need to keep them in mind when you make your decisions. Please give users a choice on how they want to use your product. If they want security, give it to them, if they don't, then simply remind them they're being insecure. But don't break compatibility unless there's a really really good reason. A potential exploit in a protocol is a good reason, but not good enough to make the program simply not work. This goes for both you guys and the other FTP software out there. Some vendors just aren't up to snuff...but don't block them out...let the end-user choose what to do.

This product is free and I am grateful for that. I am just throwing out a few suggestions. Thanks.

#2 Post by boco » 2008-07-31 04:06

jaycent wrote: "If they want security, give it to them, if they don't, then simply remind them they're being insecure."

If you don't want/need security, don't use SSL at all. Using an encryption protocol like SSL/TLS in a way that has a potential exploit doesn't make a lot of sense, because you can't rely on it.

#3 Post by jaycent » 2008-07-31 13:34

Using an encryption protocol with a bug in it is still better than not using anything at all.

#4 Post by PlusOne » 2008-07-31 16:23

Hello,

Does anyone have experience with mod_gnutls.c? Is the TLS shutdown implemented correctly? Or should we wait for a fix of mod_tls by the proftpd dev?

Best regards,

PlusOne.

#5 Post by jaycent » 2008-11-10 22:43

Here's a $10,000 Enterprise-grade FTP program that had to make a special adjustment to FileZilla's crazy security practices.

September 3, 2008, 5.2.5 Build 08.26.2008.1
* Resolved issue where transfer status was not properly displayed in Web Transfer Client.
* Updated Web Transfer Client to be compatible with Firefox 3.0 for Windows and Safari 3.1.1 for OS X.
* Fixed PGP private key issue with whitespace in passphrases.
* Improved HTTP POST memory and CPU efficiency and speed.
* Fixed COM method GetUserSettings to be case insensitive.
* Added GetPhysicalPath (string VirtualPath) function to COM interface.
* Resolved ARM connection handling error to MSSQL2005.
* Updated Site Setup Wizard to correctly require SSL certificate passphrase.
* Added SSL close_notifiy message to ensure support for FileZilla client.

I hate complaining about FileZilla because it's free... but yet......

#6 Post by botg » 2008-11-10 23:35

Quote: "Here's a $10,000 Enterprise-grade FTP program that had to make a special adjustment"

$10.000 and still fails to follow the protocol specifications. Expensive junk.

Quote: "* Added SSL close_notifiy message to ensure support for FileZilla client."

That's incorrect.

It should say this:
* Added SSL close_notifiy message to do what the specifications require.
