Page 1 of 1

Determing version of TLS used on server

Posted: 2019-11-25 21:35
by criskris
I have inherited a Filezilla Server and trying to determining which version of TLS is being for FTP over SSL/TLS.

How can find that?

Re: Determing version of TLS used on server

Posted: 2019-11-26 01:02
by boco
The only supported FileZilla Server version is 0.9.60 - that one is providing FTP over TLS 1.2. Note that the negotiated TLS version can be lower, if the client does not support TLS 1.2. Lowest possible is 1.0, AFAIK. The old SSL versions are not possible.

Hint: Use FileZilla to connect to your server, then click the lock at the lower right. Session details reveals the TLS version used.

Re: Determing version of TLS used on server

Posted: 2019-11-26 14:28
by criskris
I am using server

FileZilla Server version 0.9.48 beta

Is that any different in regards to TLS security?

Re: Determing version of TLS used on server

Posted: 2019-11-26 17:39
by boco
Yes. Several security issues have been fixed since then. You absolutely MUST update.

https://filezilla-project.org/versions.php?type=server

Re: Determing version of TLS used on server

Posted: 2019-11-27 14:01
by criskris
I don't have permissions yet to upgrade the server. I just need to figure out if this version of the server will accomodate TLS 1.2.

Re: Determing version of TLS used on server

Posted: 2019-11-27 14:13
by botg
You need to find a new job ASAP. Bad policies like that are going to result in disaster eventually.

Re: Determing version of TLS used on server

Posted: 2019-11-27 14:31
by criskris
I appreciate everyone's help and suggestions but I just need to know which version of TLS is supported by that version of server.

Re: Determing version of TLS used on server

Posted: 2019-11-27 15:53
by botg
We cannot support outdated versions of FileZilla Server.

Re: Determing version of TLS used on server

Posted: 2019-12-02 21:03
by criskris
We have upgraded the FileZilla Server software but now we are getting the following issues when trying to upload files.

(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> TLS connection for data connection established
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 226 Successfully transferred "/"
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> PASV
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 227 Entering Passive Mode (67,221,232,186,196,203)
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> STOR Loan Pal Actions.xlsx
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 150 Opening data channel for file upload to server of "/Loan Pal Actions.xlsx"
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 550 Could not open file for writing.
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> PASV
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 227 Entering Passive Mode (67,221,232,186,198,141)
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> MLSD
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 150 Opening data channel for directory listing of "/"
(000228)12/2/2019 14:58:17 PM - bremer (199.189.127.1)> TLS connection for data connection established
(000228)12/2/2019 14:58:17 PM - bremer (199.189.127.1)> 226 Successfully transferred "/"


Can you help me figure out what setting is causing this issue?

Re: Determing version of TLS used on server

Posted: 2019-12-02 23:03
by boco
One possibility is the AV software, locking the file while scanning.
A second possibility is that another program/process on the server machine is holding the file open (Excel, maybe?).
Third possibility: The service part of FileZilla Server did run under a different user account, previously. As updating re-installs the service, the service account gets reset to SYSTEM and needs to be configured again.

Re: Determing version of TLS used on server

Posted: 2019-12-04 15:14
by criskris
Thank you.

It was number 3. we are still having some trouble with people accessing via automated protocols. Below is an error that we had received from the client.

“TLS session of data connection has not resumed or the session does not match the control connection”

Re: Determing version of TLS used on server

Posted: 2019-12-04 19:08
by boco
The mentioned error message is the result of a security vulnerability in the accessing clients. By default, FileZilla Server requires every client to support TLS session resumption (for mitigation of connection stealing attacks).

For a short-term workaround, you can disable TLS session resumption requirement*, but the affected clients should be fixed urgently.



*Uncheck the highlighted checkbox.

Image