FTPES disconnects
Moderator: Project members
-
- 500 Syntax error
- Posts: 16
- Joined: 2012-02-16 08:16
- First name: Sachin
- Last name: Shetty
Re: FTPES disconnects
My question was more for original poster xeon to see if he has figured out a workaround.
botg/boco,
I could provide you ftp access to our test server where this is consistently reproducible. Let me know if that works for you.
Re: FTPES disconnects
That would be @botg, then, as I'm not a developer.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: FTPES disconnects
sachintheonly wrote:
> My question was more for original poster xeon to see if he has figured out a workaround.
> botg/boco,
> I could provide you ftp access to our test server where this is consistently reproducible. Let me know if that works for you.
Unfortunately, I don't see any way to work around it on FileZilla.
I have a feeling it's related to GnuTLS, but I have no evidence to support that other than the fact that they seem to break session reuse for FileZilla quite often.
It's not a huge deal since the transfer automatically starts up again and resumes where it left off.
I did test WinSCP and lftp however, and neither of them had this problem, they're using OpenSSL though.
Re: FTPES disconnects
Can you please send me login credentials to a server where you're experiencing the problem?
Re: FTPES disconnects
botg,
Can you please give me your email address where I could send the temporary credentials?
Re: FTPES disconnects
It's on the Contact page.
Re: FTPES disconnects
I have sent the details to the contact email address.
Last edited by boco on 2012-09-28 14:27, edited 1 time in total.
Reason: Please never post plain email addresses in public forums. Spammers will harvest these addresses.
Re: FTPES disconnects
Good news, I managed to reproduce it on the test system. It appears that GnuTLS' function gnutls_session_set_data modifies the internal state of the session upon failure [*]. My solution to the problem is to throw away the session and to reinitialize it when gnutls_session_set_data fails. I still need an hour or so to test if the fix really works.
[*] It can be argued that leaving an object in an inconsistent state after a failed method call is a case of bad software design.
Re: FTPES disconnects
The issue seems to have gotten worse with version 3.6.0-beta1.
After 1 hour, instead of the next transfer just failing once and automatically resuming, it actually errors out the remainder of the queue with this:
03:36:41 Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
03:36:41 Error: File transfer failed
Also, on an unrelated note, I noticed that AES in CBC mode seems to be preferred over AES in GCM mode, seems a bit backwards.
Re: FTPES disconnects
Not much we can do here. The server requires session reuse, yet the very same server poses a 1 hour expiration limit on the session lifetime.
This problem cannot be fixed client-side, only worked around with extreme effort.
Re: FTPES disconnects
botg wrote:
> Not much we can do here. The server requires session reuse, yet the very same server poses a 1 hour expiration limit on the session lifetime.
> This problem cannot be fixed client-side, only worked around with extreme effort
Have you looked into vsftpd to verify that this is definitely the case?
Taking a quick look at their source code, it looks like he set INT_MAX for the session expiration, which shows as about 68 years.
I also get no errors using WinSCP, lftp or cURL for over an hour using the same session.
Also, did you find out why AES-CBC is being preferred over AES-GCM?
Thanks
Re: FTPES disconnects
> Taking a quick look at their source code, it looks like he set INT_MAX for the session expiration, which shows as about 68 years.
Indeed, I've been mistaken.
Upon closer inspection, it turns out that GnuTLS itself is imposing a client-side limit of one hour, controlled through the gnutls_db_set_cache_expiration function. Unfortunately the documentation doesn't mention that it actually controls the session lifetime itself, not just the caching of the session. At least with FTP, the session doesn't need to be cached as it's an intrinsic part of the control connection that stays open.
xeon wrote:
> Also, did you find out why AES-CBC is being preferred over AES-GCM?
No, not yet.
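One way to check from a client log whether the 522 rejections line up with the one-hour session lifetime described in the post above, as an added example that is not part of the original thread or of FileZilla. The log lines are constructed (only the 522 text is quoted from the thread), and the "TLS connection established" status wording and the 3600-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed client log; only the 522 response text is quoted from the thread.
SAMPLE_LOG = """\
02:36:35 Status: TLS connection established.
02:36:36 Response: 226 Transfer complete.
03:10:02 Response: 226 Transfer complete.
03:36:41 Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
03:36:41 Error: File transfer failed
03:36:42 Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\w+): (.*)$")
ASSUMED_LIFETIME = timedelta(hours=1)  # assumption: the one-hour limit from the thread


def reuse_failures(log_text, lifetime=ASSUMED_LIFETIME):
    """Return (session_age, past_lifetime) for every 522 session-reuse rejection."""
    established = None      # time the control-connection TLS session was set up
    prev = None             # previous timestamp, used to detect midnight rollover
    day = timedelta(0)
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%H:%M:%S")
        # The log carries no date: a backwards jump means the clock passed midnight.
        if prev is not None and stamp + day < prev:
            day += timedelta(days=1)
        now = stamp + day
        prev = now
        kind, text = m.group(2), m.group(3)
        if kind == "Status" and "TLS connection established" in text:
            established = now
        elif (kind == "Response" and text.startswith("522 ")
              and "session reuse required" in text and established is not None):
            age = now - established
            results.append((age, age >= lifetime))
    return results
```

Rejections that appear only once the session is older than the threshold point at a session-lifetime limit rather than at a server that never accepts reuse.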
Re: FTPES disconnects
Please try the latest build from http://filezilla-project.org/nightly.php
Re: FTPES disconnects
botg wrote:
> Please try the latest build from http://filezilla-project.org/nightly.php
That appears to have fixed it.
Also, I noticed you added a cipher tool to the debug menu, odd how all the predefined cipher-spec strings for GnuTLS all seem to prefer CBC mode over GCM.
Hopefully something can be done about that, GCM mode is far superior as it removes all the problems of AES-CBC, and GCM itself is hardware accelerated on newer chips along with AES, making it very fast.
Thanks
Re: FTPES disconnects
Hello,
Are there any plans to prefer AES GCM over CBC?
It appears RC1 is still preferring CBC mode.
Thanks