FileZilla Server 0.9.44 and OpenSSL on Windows 2003

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
javierb
500 Command not understood
Posts: 2
Joined: 2014-04-09 13:37
First name: javier
Last name: b

FileZilla Server 0.9.44 and OpenSSL on Windows 2003

#1 Post by javierb » 2014-04-09 13:47

Hi Support:

Today I've tried to install Filezilla Server 0.9.44 on this Windows Server 2003 and it says this OS is no longer supported and it will not work on this OS.

Will you please provide us with some workaround as the previous version is seriously crippled by the openSSH vulnerability?

Best Regards,
Javier
Last edited by botg on 2014-04-12 08:02, edited 2 times in total.
Reason: Fixed topic title, it's OpenSSL.

captainberk
500 Command not understood
Posts: 1
Joined: 2014-04-09 12:54
First name: Jay
Last name: Stanyer

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#2 Post by captainberk » 2014-04-09 13:53

Hi,

I'm also having this issue - will there be a version released that is compatible with Windows Server 2003?

Thanks

danielmccann
500 Command not understood
Posts: 2
Joined: 2014-04-09 15:12
First name: Dan
Last name: McCann

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#3 Post by danielmccann » 2014-04-09 15:17

Me too.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#4 Post by botg » 2014-04-09 16:50

Windows Server 2003 is a derivative of Windows XP. Support for Windows XP and derivates has been dropped, XP since its an outdated and unsupported operating system, derivatives for technical reasons.

javierb
500 Command not understood
Posts: 2
Joined: 2014-04-09 13:37
First name: javier
Last name: b

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#5 Post by javierb » 2014-04-09 17:52

Sorry to hear about that but thank you anyway for your quick reply.
Best Regards,
Javier

omonnig
500 Command not understood
Posts: 2
Joined: 2014-04-09 18:33
First name: Otto
Last name: Monnig

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#6 Post by omonnig » 2014-04-09 18:48

You had my gratitude for providing an excellent product.

By withdrawing support for Windows XP, you also withdrew support for Server 2003. Many of us sysadmins are stuck maintaining older server platforms, with no chance of upgrading soon.

The Heartbleed bug has caused a mad scramble around my shop the verify which software was vulnerable. I commend you for quickly offering a patch.

But, because you no longer support Server 2003, I have to rip your software from all of my servers and find a replacement. Immediately. :x

Please reconsider support for Server 2003.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#7 Post by botg » 2014-04-09 21:40

Why not upgrade to a more modern Windows version?

surr34l
500 Syntax error
Posts: 15
Joined: 2014-04-10 00:29
First name: surreal
Last name: surreal

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#8 Post by surr34l » 2014-04-10 00:44

It's not always feasible to say: upgrade your operating system and hope that all of your software/modules/etc still work. Oh yah, and do it right now because there is a major security flaw out there in a 3rd party component not associated with the operating system.

I don't mind that you don't support XP/2k3 anymore. But there's still a lot of people who use those operating systems and it would be nice to see some concern for your users who do so.

Some ideas or brainstorming on what can be done to protect these users who are unable to install the patched v.44 would be very gratifying to see.

Would it be possible to just use the updated files pertaining to OpenSSL from the v.44 package and copy them into existing v.43/v.42 installs:

ssleay32.dll
libeay32.dll

Would that work in protecting affected users on older systems?

Would there be anything else necessary to do in addition to copying those new files from the v.44 install in order to update OpenSSL for your software?

An OS upgrade isn't possible for some, not feasible for others, and while there are some considering and preparing for an OS upgrade since XP/2k3 support just ended, the DO IT RIGHT NOW OR YOU'RE DATA IS EXPOSED is not always possible without proper testing of existing software/modules/etc.

A major vulnerability should bring people together to find a solution instead of alienating those users and basically telling them to go somewhere else.

I have some customers who have upgraded, who are in the process of upgrading, and those who are considering upgrading. I also have a couple of customers who use only software that works on the older operating systems and CAN'T upgrade. Just a thought.

acasado
500 Command not understood
Posts: 1
Joined: 2014-04-10 07:17
First name: Antonio
Last name: Casado

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#9 Post by acasado » 2014-04-10 08:20

Hi all

I need update Filezilla Server in Windows Server 2003 R2. The EOL is 14/07/2015.

Can you release the software for Windows Server 2003?

Thanks you.

surr34l
500 Syntax error
Posts: 15
Joined: 2014-04-10 00:29
First name: surreal
Last name: surreal

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#10 Post by surr34l » 2014-04-10 10:00

Considering the severity of this vulnerability, I would think that the extra time to compile a Windows XP and Server 2003 as an exception this one time should be at least considered.

Yes, it would take a bit of extra time.. but would you rather have users get their data stolen and hacked instead?

I don't know anything about compiling and I can't find instructions on how to compile FileZilla Server, or I would give it a try for Windows XP myself.

The best I found was the compiling instructions for FileZilla Client, and didn't get past the first command without errors when following the instructions step by step.. so either the instructions are old, are incomplete, or not sufficient for me to be able to get it done.

Franklin
500 Command not understood
Posts: 2
Joined: 2014-04-10 11:36
First name: Chester

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#11 Post by Franklin » 2014-04-10 12:13

First of all as a long time software developer I want to say how much respect I have for Tim's achievements with Filezilla.
However Officially Windows 2003 Server Support continues from Microsoft until 7/14/2015.
It has been a good product and we plan to continue using it until it's life cycle is completed.
Thanks ahead for any consideration for continuing 2003 server support.

mmannix316
500 Command not understood
Posts: 1
Joined: 2014-04-10 15:35
First name: mark
Last name: mannix

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#12 Post by mmannix316 » 2014-04-10 15:42

Since you are not releasing a 2003 version, if the ssl capablity is turned off is there still a vulnerability?

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#13 Post by boco » 2014-04-10 17:24

mmannix316 wrote:Since you are not releasing a 2003 version, if the ssl capablity is turned off is there still a vulnerability?
Using unencrypted FTP is even worse.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#14 Post by botg » 2014-04-10 17:43

Actually the SSL vulnerability is worse than not using SSL in the first place. That's how bad this vulnerability is.

cvanbrederode
500 Command not understood
Posts: 3
Joined: 2010-03-15 18:23
First name: Chris
Last name: Van Brederode

Re: FileZilla Server 0.9.44 and OpenSSH on Windows 2003

#15 Post by cvanbrederode » 2014-04-11 13:59

I took a look at the svn logs, and it seems support for XP/2003 was removed simply by changing the Visual Studio project files.

For my own use (since I run server 2003 and don't the money or hardware to upgrade), I'm going to (try to) roll back those changes and build my own version that will install and run. If anyone wants me to send them info or perhaps a binary (once I'm done and successful), drop me a line.

C

Post Reply