I'm building an FTPS client for an IOT device, using FileZilla 1.4.1 as the test server. Filezilla reports GnuTLS error -87 (No supported cipher suites have been found) when it receives the client HELLO.
First, the device can successfully negotiate SSL/TLS sessions with email servers, successfully communicates with the Amazon MQTT broker, and can successfully negotiate https GET and PUT transfers with AWS. Thus it appears the client's mbed TLS stack is functional.
A decoded client HELLO is attached. "@@@@@@" notes IANA cipher suite numbers in common between my client and the Filezilla list shown in the "viewtopic.php?t=39441" forum article.
Any ideas about what's going on here?
GnuTls error -87, but client HELLO shows supported suites
Moderator: Project members
-
- 500 Command not understood
- Posts: 5
- Joined: 2022-05-22 17:53
- First name: Fred
- Last name: Wedemeier
GnuTls error -87, but client HELLO shows supported suites
- Attachments
-
- hello.txt
- (2.94 KiB) Downloaded 71 times
Re: GnuTls error -87, but client HELLO shows supported suites
Please note that the forum post is from 2015 and no longer correct. Many, if not most of these ciphers have since been abandoned. Additionally, the post was for the client, not the server.
FileZilla Server 1.x requires at least TLS 1.2 support and High grade ciphers.
FileZilla Server 1.x requires at least TLS 1.2 support and High grade ciphers.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: GnuTls error -87, but client HELLO shows supported suites
Could it be that your client's TLS implementation does not support modern certificates using ECDSA signatures?
-
- 500 Command not understood
- Posts: 5
- Joined: 2022-05-22 17:53
- First name: Fred
- Last name: Wedemeier
Re: GnuTls error -87, but client HELLO shows supported suites
Thank you for the reply! The client did not have ECDSA signatures enabled. Adding ECDSA fixes the problem.