GnuTls error -87, but client HELLO shows supported suites

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
fwedemeier
500 Command not understood
Posts: 5
Joined: 2022-05-22 17:53
First name: Fred
Last name: Wedemeier

GnuTls error -87, but client HELLO shows supported suites

#1 Post by fwedemeier » 2022-06-29 22:05

I'm building an FTPS client for an IOT device, using FileZilla 1.4.1 as the test server. Filezilla reports GnuTLS error -87 (No supported cipher suites have been found) when it receives the client HELLO.

First, the device can successfully negotiate SSL/TLS sessions with email servers, successfully communicates with the Amazon MQTT broker, and can successfully negotiate https GET and PUT transfers with AWS. Thus it appears the client's mbed TLS stack is functional.

A decoded client HELLO is attached. "@@@@@@" notes IANA cipher suite numbers in common between my client and the Filezilla list shown in the "viewtopic.php?t=39441" forum article.

Any ideas about what's going on here?
Attachments
hello.txt
(2.94 KiB) Downloaded 44 times

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: GnuTls error -87, but client HELLO shows supported suites

#2 Post by boco » 2022-06-30 00:40

Please note that the forum post is from 2015 and no longer correct. Many, if not most of these ciphers have since been abandoned. Additionally, the post was for the client, not the server.

FileZilla Server 1.x requires at least TLS 1.2 support and High grade ciphers.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 35492
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTls error -87, but client HELLO shows supported suites

#3 Post by botg » 2022-06-30 08:02

Could it be that your client's TLS implementation does not support modern certificates using ECDSA signatures?

fwedemeier
500 Command not understood
Posts: 5
Joined: 2022-05-22 17:53
First name: Fred
Last name: Wedemeier

Re: GnuTls error -87, but client HELLO shows supported suites

#4 Post by fwedemeier » 2022-06-30 22:42

Thank you for the reply! The client did not have ECDSA signatures enabled. Adding ECDSA fixes the problem.

Post Reply