TLS - FileZilla Server 1.2.0

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

TLS - FileZilla Server 1.2.0

#1 Post by Nast » 2022-01-06 12:59

Hi,
I could really use some help, I'm trying to set up Filezilla 1.2.0, and I have some trouble setting the server to be TLS encrypted.
I tested with plain FTP on port 21 and it was working. Then I added my certificate and I tried with the settings in the picture "port 21 - Require explicit FTP over TLS".

Image
Image

I also tried with port 990 and implicit FTP and it’s still not working. However, it was working with port 990 and implicit FTP with the auto-signed certificate.
Futhermore, I don't know why Filezilla service is constantly turning off.
Attachments
Imacge.jpg
Imacge.jpg (65.05 KiB) Viewed 4033 times

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS - FileZilla Server 1.2.0

#2 Post by botg » 2022-01-07 08:43

What does it say in the log if you try to use FTP over TLS?

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#3 Post by Nast » 2022-01-07 09:34

Thanks for answering so quickly. When I try to log in on ftps://ftp.xx.com with port 990 I received "Error GnuTLS - 15:An unexpected TLS packet was received" when it's configure with Require explicit FTP over TLS because when I try on port 990 with Implicit FTP over TLS I received "Impossible to establish a connexion "

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS - FileZilla Server 1.2.0

#4 Post by boco » 2022-01-07 09:57

To clear up some confusion: port 990 is strictly for Implicit FTP over TLS (which is not standardized and thus not recommended). The preferred and recommended Explicit FTP over TLS connect to port 21 (by default, at least).

Not all servers support Implicit FTPS and the ones that do not have that port closed.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#5 Post by Nast » 2022-01-07 10:52

Thanks for the explanation. So I should configure Explicit FTP over TLS and connect to port 21, but I still received the same error : "Error GnuTLS - 15:An unexpected TLS packet was received"

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS - FileZilla Server 1.2.0

#6 Post by boco » 2022-01-07 11:43

What FTP client do you use?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#7 Post by Nast » 2022-01-07 13:23

I use FileZilla as FTP client. I did try to put on TLS options for the certificate

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS - FileZilla Server 1.2.0

#8 Post by boco » 2022-01-07 13:37

You have provided a key (GoDaddy2019.key) and a cert. What concerns me is that the key is named GoDaddy2019, yet the cert is valid from 2021 to 2022. The certificate and key specified must match (be from the same CSR). Could you have accidentally have selected a defunct key as "Private key file"?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#9 Post by Nast » 2022-01-07 14:24

No,I think they match. I only have those files.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS - FileZilla Server 1.2.0

#10 Post by botg » 2022-01-07 16:57

What format is the keyfile in? In needs to be in PEM.

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#11 Post by Nast » 2022-01-10 08:25

The keyfile was .key and I used .pem for the certificate. Should I use .pem as keyfile and .cert as certificate ?

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS - FileZilla Server 1.2.0

#12 Post by boco » 2022-01-10 09:23

For what I know, both must be in PEM. Note that we refer to the internal format of the file, not merely the file extension. So, no matter if the key file ends in .key, .pem, or .bupkis, its internal format must be PEM. If it's in another format, currently, like PKCS, you need to convert it.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Nast
504 Command not implemented
Posts: 11
Joined: 2022-01-06 07:43
First name: Nastasia
Last name: Potts

Re: TLS - FileZilla Server 1.2.0

#13 Post by Nast » 2022-01-10 16:48

I converted both in PEM and I still having the same issue.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS - FileZilla Server 1.2.0

#14 Post by botg » 2022-01-10 18:17

Please post a log from both the client and the server showing a connection attempt.

andyw
500 Command not understood
Posts: 2
Joined: 2022-01-12 05:01
First name: Andy
Last name: Wylde

Re: TLS - FileZilla Server 1.2.0

#15 Post by andyw » 2022-01-12 05:14

I am having the same issue with TLS and Filezilla. I have used FileZilla in the past with vsftp without issue. But had a new computer, downloaded lastest version and it fails. I've gone through several articles with suggested fixes but they usually deal with the failure to make a TLS connection, rather than making a connection and then bailing. I tried all the suggestions in any case but they didn't help. I have tried this with both a self-signed certificate and a commercial certificate (and matching key). It makes the TLS connection but then gets this error. Have no idea what it means or why.

From the client:

Status: Connecting to (removed for post):21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.3)
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: TLS connection established.
Command: USER fourclarks
Response: 331 Please specify the password.
Command: PASS ************
Error: GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.
Error: Could not read from socket: ECONNABORTED - Connection aborted
Error: Could not connect to server

From the Server (vsftpd.log):

Tue Jan 11 21:53:42 2022 [pid 27024] CONNECT: Client "::ffff: (removed for post)"
Tue Jan 11 21:53:51 2022 [pid 27018] [fourclarks] OK LOGIN: Client "::ffff: (removed for post)"
Tue Jan 11 21:53:56 2022 [pid 27034] CONNECT: Client "::ffff: (removed for post)"
Tue Jan 11 21:53:56 2022 [pid 27033] [fourclarks] OK LOGIN: Client "::ffff: (removed for post)"

Not much to go on ....... I can make you an account on the server if you want so you can try it yourself.

Andy

Post Reply