ECONNABORTED: It's the server's fault!

Posted: 2008-08-08 23:06
by botg

Status: Server did not properly shut down TLS connection
Error:  Could not read from transfer socket: ECONNABORTED - Connection aborted

If you get this error when listing a directory or downloading a file, it means that your server did not send the SSL/TLS closure notification as required by the SSL/TLS specifications.

Closing the data connection for the transfer connection without an orderly SSL/TLS shutdown violates the specifications. Furthermore, not performing the shutdown is indistinguishable from an attacker sending spoofed FIN TCP packets to the server, leading to truncated, yet apparently complete, successful transfers.

Previous versions of FileZilla did not detect this faulty behavior and were vulnerable to spoofed FIN packets. The most recent version correctly complains about the server.

Partial list of broken servers:
  • FileZilla Server <=0.9.30
  • vsftpd <=2.0.6
  • ProFTPD <=1.3.2rc1
  • Xlight FTP server <=2.861
  • Pure-FTPd <=1.0.38

Partial list of proper servers:
  • FileZilla Server >=0.9.31
  • vsftpd >=2.0.7
  • ProFTPD >=1.3.2rc2
  • Xlight FTP Server >=3.0
  • Pure-FTPd >=1.0.39
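
How a client can tell an orderly TLS shutdown from a bare TCP close, as an added example that is not part of the original post and is not FileZilla's code. It uses Python's ssl module, where an SSLSocket wrapped with suppress_ragged_eofs=False raises SSLEOFError when the connection ends without the closure notification. The names wrap_data_connection, receive_transfer and FakeTLSConn are made up for this example, and FakeTLSConn is a constructed stand-in so it runs offline.

```python
import errno
import ssl


def wrap_data_connection(sock, ctx, hostname):
    # Python's default (suppress_ragged_eofs=True) reports a bare TCP FIN as a
    # normal end-of-file, hiding the missing close_notify. Turn that off.
    return ctx.wrap_socket(sock, server_hostname=hostname,
                           suppress_ragged_eofs=False)


def receive_transfer(conn, chunk_size=16384):
    """Return the transferred bytes only if the peer ended TLS with close_notify."""
    chunks = []
    while True:
        try:
            data = conn.recv(chunk_size)
        except ssl.SSLZeroReturnError:
            break  # close_notify as surfaced by ssl.SSLObject-style readers
        except ssl.SSLEOFError as exc:
            # No close_notify: server bug or spoofed FIN, data may be truncated.
            got = sum(len(c) for c in chunks)
            raise ConnectionAbortedError(
                errno.ECONNABORTED,
                f"TLS not shut down properly after {got} bytes") from exc
        if not data:
            break  # SSLSocket.recv returns b"" once close_notify was received
        chunks.append(data)
    return b"".join(chunks)


class FakeTLSConn:
    """Constructed stand-in for an SSLSocket so the example runs offline."""
    def __init__(self, chunks, clean_close):
        self._chunks, self._clean = list(chunks), clean_close
    def recv(self, _size):
        if self._chunks:
            return self._chunks.pop(0)
        if self._clean:
            return b""
        raise ssl.SSLEOFError("EOF occurred in violation of protocol")


if __name__ == "__main__":
    print(receive_transfer(FakeTLSConn([b"file-", b"contents"], True)))
    try:
        receive_transfer(FakeTLSConn([b"file-"], False))
    except ConnectionAbortedError as err:
        print("rejected:", err)
```

The partial data is deliberately discarded on the error path: a transfer that ends without the closure notification cannot be distinguished from a truncated one, so it is not reported as complete.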

Re: ECONNABORTED: It's the server's fault!

Posted: 2008-09-13 17:52
by boco
Please discuss in the new discussion thread. The sticky got rather messed up so let's keep it clean. :wink: Moved all posts there, have fun!

Discussion thread is now read-only.