Discussion topic: It's the server's fault!

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Locked
Message
Author
da chicken
226 Transfer OK
Posts: 619
Joined: 2005-11-02 06:41

Discussion topic: It's the server's fault!

#1 Post by da chicken » 2008-08-09 07:49

This is the discussion topic for ECONNABORTED: It's the server's fault!

This is probably the best explanation I've seen of what's going on and why so many servers and clients might be broken:
> Links to (on page 2):
>
> http://tools.ietf.org/html/rfc4346#page-27
> http://rfc.net/rfc4217.html#p21
>
> Any thoughts on this?

Now that's interesting. Section 12.6 of RFC 4217 (FTP over SSL/TLS), for
data connections, shows a "passive" shutdown of the SSL session, i.e. the
client shuts down the session (sending a 'close_notify' to the server);
the server does not reply with its own 'close_notify' alert.

_However_, Section 12.3, for the control connection, uses an _active_
shutdown (both client and server send their 'close_notify' alerts) when
the CCC command is used.

Which means, effectively, that the SSL session shutdown behavior is not
consistent; some behaviors lead to an active (bi-directional) shutdown,
some do not. No wonder implementations get this wrong (mod_tls gets it
wrong, as it tries to use the same shutdown sequence for all connections,
be they control, data, or CCC-cleared).
--http://marc.info/?l=proftpd-users&m=121736627908173&w=2

User avatar
botg
Site Admin
Posts: 32470
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: ECONNABORTED: It's the server's fault!

#2 Post by botg » 2008-08-09 08:55

The answer is in RFC 4346 which clearly states the following in section 7.2.1.:
Unless some other fatal alert has been transmitted, each party is
required to send a close_notify alert before closing the write side
of the connection
The write side is the server sending the directory listing or the file to the client. RFC 4217 isn't even involved.

da chicken
226 Transfer OK
Posts: 619
Joined: 2005-11-02 06:41

Re: ECONNABORTED: It's the server's fault!

#3 Post by da chicken » 2008-08-09 21:28

I'm not trying to say you're wrong at all, Tim. Honestly, I don't care who is right or wrong. I just want everyone to agree on reality so things work smoothly.

Additionally, if you are right that failure to send close_notify is a potential security risk, then it doesn't matter if your interpretation of the RFCs is the intended one or not. It should be how things are implemented because it's a security issue.

User avatar
boco
Contributor
Posts: 24783
Joined: 2006-05-01 03:28
Location: Germany

Re: ECONNABORTED: It's the server's fault!

#4 Post by boco » 2008-08-09 23:29

And some server creators have already implemented this fix (or had it right even from the beginning), others will follow, it will be commonly accepted. That's how things work, sometimes you need to force things for the better.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Panther
500 Command not understood
Posts: 3
Joined: 2008-08-10 18:11

Re: ECONNABORTED: It's the server's fault!

#5 Post by Panther » 2008-08-10 18:16

The users of FileZilla usually do not have control of the ftp servers. All that's being forced is for people to either be stuck using old versions of FileZilla (as I am doing) or use a different client. My web browser does not refuse to display a web page simply because there are errors in the HTML code, such as on the SourceForge project page for FileZilla....something you have no control over (yes, I noticed that all your web pages do validate).

User avatar
boco
Contributor
Posts: 24783
Joined: 2006-05-01 03:28
Location: Germany

Re: ECONNABORTED: It's the server's fault!

#6 Post by boco » 2008-08-11 01:04

Panther wrote:My web browser does not refuse to display a web page simply because there are errors in the HTML code
You can't compare faulty HTML code to this problem. It's a security hole that has been closed, and I'm sure botg won't make his client insecure again.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Panther
500 Command not understood
Posts: 3
Joined: 2008-08-10 18:11

Re: ECONNABORTED: It's the server's fault!

#7 Post by Panther » 2008-08-11 02:20

boco wrote:You can't compare faulty HTML code to this problem. It's a security hole that has been closed, and I'm sure botg won't make his client insecure again.
It does no harm to FileZilla to allow connections to non-compliant servers. As it is now the current releases of FileZilla are completely useless to a lot of people, which is a shame because besides the disconnect (i.e. the servers like to ignore FileZilla's keep-alive and disconnect the client) and 1GB limitation (on certain servers transfers stop at every 1GB boundry) problems it's a great program.

User avatar
botg
Site Admin
Posts: 32470
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: ECONNABORTED: It's the server's fault!

#8 Post by botg » 2008-08-11 07:51

1GB limitation? Again the server's at fault.

nix4me
500 Syntax error
Posts: 14
Joined: 2007-12-24 16:39
First name: Mark

Re: ECONNABORTED: It's the server's fault!

#9 Post by nix4me » 2008-08-15 13:47

This issue is frustrating indeed. Now we have to wait for new server packages to be made for each distribution which will likely not be for several months.

This issue coupled with the inability of the community to agree on PRET support is maddening!

User avatar
botg
Site Admin
Posts: 32470
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: ECONNABORTED: It's the server's fault!

#10 Post by botg » 2008-08-15 17:49

nix4me wrote:This issue coupled with the inability of the community to agree on PRET support is maddening!
Show me an RFC that implements PRET.

nix4me
500 Syntax error
Posts: 14
Joined: 2007-12-24 16:39
First name: Mark

Re: ECONNABORTED: It's the server's fault!

#11 Post by nix4me » 2008-08-15 18:34

Yeah, i know there isn't one. But frankly I don't care about RFC's.

A ftp client that works would be preferable to a RFC compliant client that is useless. It's just unfortunate that usability has to suffer due to bureaucracy.

User avatar
botg
Site Admin
Posts: 32470
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: ECONNABORTED: It's the server's fault!

#12 Post by botg » 2008-08-15 19:00

Client interoperability cannot work if the extensions are not standardized.

da chicken
226 Transfer OK
Posts: 619
Joined: 2005-11-02 06:41

Re: ECONNABORTED: It's the server's fault!

#13 Post by da chicken » 2008-08-15 21:19

I'll go out on a limb and say it's neither a server problem or a client problem. It's an RFC problem. Simply speaking, it's a bit ridiculous for FTP to require more than one socket between the server and the client. It's trying to fix an Application layer problem at the Transport layer. It should not surprise anyone that there are endless problems.

nix4me
500 Syntax error
Posts: 14
Joined: 2007-12-24 16:39
First name: Mark

Re: ECONNABORTED: It's the server's fault!

#14 Post by nix4me » 2008-08-15 22:26

Here is the best the drftpd guys will do:

http://www.drftpd.org/phpBB2/viewtopic. ... light=pret

User avatar
botg
Site Admin
Posts: 32470
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: ECONNABORTED: It's the server's fault!

#15 Post by botg » 2008-08-15 23:03

150% bullshit. Examples make no formal specifications. Besides, from what I have seen, some servers seem to require PRET. Such behavior is totally against the FTP specifications, such a servers should NOT be considered to be FTP. One MUST NOT break backwards compatibility.

Locked