GnuTLS error -110: The TLS connection was non-properly terminated.

Message

mafufz · #1 Post by **mafufz** » 2016-12-07 14:56

I'm trying to connect to an FTP server using AUTH and PROT P. I'm receive an error and would like to ask for your assistance in circling in the problem so I can further debug.

I receive a directory listing and can transfer file with no problems in these settings:
* Using WinSCP
* Using FileZilla Client 3.23.0.2 without AUTH
* Using FileZilla Client 3.23.0.2 with AUTH but without PROT P

However, with PROT P enabled, I cannot receive a directory listing. I get an error

> GnuTLS error -110: The TLS connection was non-properly terminated.

Debug level log of Filezilla:

Code: Select all

...omitted...
Command:	TYPE I
Trace:	CTlsSocket::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Response:	200 You are in binary mode
Trace:	CFtpControlSocket::TransferParseResponse()
Trace:	  code = 2
Trace:	  state = 1
Trace:	CFtpControlSocket::SendNextCommand()
Trace:	CFtpControlSocket::TransferSend()
Trace:	  state = 2
Command:	PASV
Trace:	CTlsSocket::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Response:	227 PASV ready (127,0,0,1,31,182)
Trace:	CFtpControlSocket::TransferParseResponse()
Trace:	  code = 2
Trace:	  state = 2
Trace:	CFtpControlSocket::SendNextCommand()
Trace:	CFtpControlSocket::TransferSend()
Trace:	  state = 4
Trace:	Binding data connection source IP to control connection source IP 127.0.0.1
Command:	LIST
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocket::Handshake()
Trace:	Trying to resume existing TLS session.
Trace:	CTlsSocket::ContinueHandshake()
Trace:	TLS handshake: About to send CLIENT HELLO
Trace:	TLS handshake: Sent CLIENT HELLO
Trace:	CTlsSocket::OnSend()
Trace:	CTlsSocket::OnSend()
Trace:	CTlsSocket::OnRead()
Trace:	CTlsSocket::ContinueHandshake()
Trace:	CTlsSocket::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Response:	150 Ready for data transmission
Trace:	CFtpControlSocket::TransferParseResponse()
Trace:	  code = 1
Trace:	  state = 4
Trace:	CFtpControlSocket::SendNextCommand()
Trace:	CFtpControlSocket::TransferSend()
Trace:	  state = 5
Trace:	CTlsSocket::OnRead()
Trace:	CTlsSocket::ContinueHandshake()
Trace:	TLS handshake: Received SERVER HELLO
Trace:	TLS handshake: Processed SERVER HELLO
Trace:	TLS handshake: Received FINISHED
Trace:	TLS handshake: Processed FINISHED
Trace:	TLS handshake: About to send FINISHED
Trace:	TLS handshake: Sent FINISHED
Trace:	TLS Handshake successful
Trace:	TLS Session resumed
Trace:	Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-CBC, MAC: SHA384
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocket::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Response:	226 LIST complete
Trace:	CFtpControlSocket::TransferParseResponse()
Trace:	  code = 2
Trace:	  state = 5
Trace:	CFtpControlSocket::SendNextCommand()
Trace:	CFtpControlSocket::TransferSend()
Trace:	  state = 8
Trace:	CTlsSocket::OnRead()
Trace:	CTransferSocket::OnReceive(), m_transferMode=0
Trace:	CTlsSocket::OnRead()
Trace:	CTlsSocket::Failure(-110)
Error:	GnuTLS error -110: The TLS connection was non-properly terminated.
Status:	Server did not properly shut down TLS connection
Trace:	CTlsSocket::OnSocketEvent(): close event received
Trace:	CTransferSocket::OnClose(106)
Error:	Transfer connection interrupted: ECONNABORTED - Connection aborted
Trace:	CTransferSocket::TransferEnd(3)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpControlSocket::ParseSubcommandResult(2)
Trace:	CFtpControlSocket::ListSubcommandResult()
Trace:	  state = 3
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Error:	Failed to retrieve directory listing
Trace:	CFileZillaEnginePrivate::ResetOperation(2)

Log of FTP server:

Code: Select all

< 220- Hello!

> AUTH TLS
< 234 Switching to TLS

Connection switched to Tls12 (Aes256, 44550)
> USER admin
< 331 Password required

> PASS pass
< 230 Logged in

> PBSZ 0
< 200 OK

> PROT P
< 200 OK

> PWD
< 257 "/"

> TYPE I
< 200 You are in binary mode

> PASV
Closing data connections
Passive started on 127.0.0.1:8118
< 227 PASV ready (127,0,0,1,31,182)

> LIST
< 150 Ready for data transmission

Data client connected
Basic data connection established: 127.0.0.1:8118 - 127.0.0.1:44847
Upgrading data channel to TLS
Connection switched to Tls12 (Aes256, 44550)
Performing data operation
< 226 LIST complete

Data operation finished
Closing data connections

I can confirm that the server believes that the transfer has been completed.

#2 Post by **botg** » 2016-12-07 19:00

Your server isn't sending the TLS closure alert on the data connection. Closure alerts are an important security feature of TLS. See viewtopic.php?f=2&t=7688

Not getting this error in WinSCP means that WinSCP is vulnerable to truncation attacks.

mafufz · #3 Post by **mafufz** » 2016-12-08 01:42

Thanks, that should be enough to let me fix it.

FileZilla Forums

GnuTLS error -110: The TLS connection was non-properly terminated.

GnuTLS error -110: The TLS connection was non-properly terminated.

Re: GnuTLS error -110: The TLS connection was non-properly terminated.

Re: GnuTLS error -110: The TLS connection was non-properly terminated.