Is there a way to turn off the TLS default in the latest Filezilla?
Moderator: Project members
-
- 500 Command not understood
- Posts: 3
- Joined: 2015-01-08 22:01
- First name: Laura
- Last name: Clifford
Is there a way to turn off the TLS default in the latest Filezilla?
I get errors trying to connect to the site I ftp to most frequently and all the admin will tell me is to 'turn it off.' I haven't been able to figure out a way to do this....
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.5 Server
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.5 Server
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
Re: Is there a way to turn off the TLS default in the latest Filezilla?
1. In the Site Manager entry for your server, set Encryption to 'Plain FTP'.
2. Since plain FTP is insecure, demand a fix from them.
2. Since plain FTP is insecure, demand a fix from them.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2015-01-08 22:01
- First name: Laura
- Last name: Clifford
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Thanks - I haven't gotten strong impressions on their technical abilities.
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Yeah, that's what we deal with right now: Lazy bum server admins. The problem is that users get burned for their laziness...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 3
- Joined: 2015-01-08 22:01
- First name: Laura
- Last name: Clifford
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Great - they're refusing to do anything because it 'will break it for everyone else.'
-
- 504 Command not implemented
- Posts: 6
- Joined: 2015-01-19 23:13
- First name: Matt
- Last name: Auckland
- Location: UK
Re: Is there a way to turn off the TLS default in the latest Filezilla?
In defence of server admins FileZilla was working just fine, until I was notified of an update. Now I'm also getting the same TLS error.
So as it was working perfectly prior to the update, and isn't now, that would suggest the fault is with a modification to FileZilla. So the question is, what has been modified with TLS in FileZilla that could have caused this issue?
So as it was working perfectly prior to the update, and isn't now, that would suggest the fault is with a modification to FileZilla. So the question is, what has been modified with TLS in FileZilla that could have caused this issue?
Re: Is there a way to turn off the TLS default in the latest Filezilla?
How is fixing a server that definitely isn't working correctly breaking it for "everyone" else?laurareeling wrote:Great - they're refusing to do anything because it 'will break it for everyone else.'
Nothing has been modified with TLS. Before you simply were not using TLS at all. Now you are if the server says it supports it.So as it was working perfectly prior to the update, and isn't now, that would suggest the fault is with a modification to FileZilla. So the question is, what has been modified with TLS in FileZilla that could have caused this issue?
-
- 504 Command not implemented
- Posts: 6
- Joined: 2015-01-19 23:13
- First name: Matt
- Last name: Auckland
- Location: UK
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Well if anyone else comes across this issue, and runs a server or VPS with Plesk 12 and Linux (CentOS 6.5 64bit in my case), this is how you can resolve it:-
Login to your server via SSH (terminal) or using the Digital Ocean console, and enter the following command to edit the ProFTP configuration file:
Enter Insert mode by pressing the Escape key to make sure your are in Command mode, followed by pressing the A key to enter Insert mode.
Move to the bottom of the file using the cursor keys, and add the following lines of code:
Finally we need to save and exit. Do this by pressing the Escape key to enter Command mode, and then type :wq and press Enter.
Then for the changes to take effect, reboot the server using this command:
Hope that helps someone else, as it took me a little while to work out what was needed. Incidentally this solution doesn't effect non-TLS FTP connections, so won't cause issues to other users.
Login to your server via SSH (terminal) or using the Digital Ocean console, and enter the following command to edit the ProFTP configuration file:
Code: Select all
vi /etc/proftpd.conf
Move to the bottom of the file using the cursor keys, and add the following lines of code:
Code: Select all
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv3 TLSv1
TLSRequired off
TLSOptions NoCertRequest
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
TLSVerifyClient off
TLSRenegotiate required off
</IfModule>
Then for the changes to take effect, reboot the server using this command:
Or reboot proftpd only using the following command:shutdown -r now
Code: Select all
/etc/init.d/xinetd restart
Hope that helps someone else, as it took me a little while to work out what was needed. Incidentally this solution doesn't effect non-TLS FTP connections, so won't cause issues to other users.
Re: Is there a way to turn off the TLS default in the latest Filezilla?
These are insecure options.mattauckland wrote: TLSProtocol SSLv3
TLSRenegotiate required off
Unnecessary, as they're already off by default.mattauckland wrote: TLSRequired off
TLSVerifyClient off
Completely unnecessary to reboot the entire server, or even the proftpd process for that matter. You could simply send the HUP signal to reload the configuration.mattauckland wrote: Then for the changes to take effect, reboot the server using this command:
shutdown -r now
-
- 504 Command not implemented
- Posts: 6
- Joined: 2015-01-19 23:13
- First name: Matt
- Last name: Auckland
- Location: UK
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Those steps are actually part of a larger configuration in a guide I wrote, and the shutdown/restart is needed.
The other settings are taken from PROFTPD's website, part of the guide to enabling TLS. So if it is wrong, you best let them know.
The other settings are taken from PROFTPD's website, part of the guide to enabling TLS. So if it is wrong, you best let them know.
Re: Is there a way to turn off the TLS default in the latest Filezilla?
SSLv3 is deprecated, FileZilla doesn't support it anymore. That is a reason for getting TLS Fatal error -12.
Session renegotiation should be enabled.
Session renegotiation should be enabled.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Renegotiation isn't needed. Are you confusing it with session reuse/resumption? Use of session reuse/resumption is very much desired for both security and performance reasons.boco wrote:Session renegotiation should be enabled.
-
- 504 Command not implemented
- Posts: 6
- Joined: 2015-01-19 23:13
- First name: Matt
- Last name: Auckland
- Location: UK
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Actually the reason for the TLS Fatal error -12 was that TLS wasn't enabled in the config.
I resolved the fatal error by adding TLS to PROFTPD.
I resolved the fatal error by adding TLS to PROFTPD.
Re: Is there a way to turn off the TLS default in the latest Filezilla?
That is very poor for a server configuration. If TLS is disabled it MUST reject the AUTH commands. One to tell to the ProFTPd people, I guess.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Is there a way to turn off the TLS default in the latest Filezilla?
Why are users forced to use TLS as default now?
I'm not using that unsecure site manager as passwords are stored unencrypted (!) in a plain xml/text file, easy accessible for malware and other bad guys. So why encrypt the connection at all then?!
I'm using FileZilla via cli within KeePass. The Connection type can be controlled with the "protocol" here in some way (sftp://, ftps://, ftpes://) but "ftp://" has to be plain FTP !
There has to be at least an option in the settings to control this automatic behaviour.
Changing the security settings for all ftp sites in the world is no reasonable way.
I'm now switching back to v3.9 until this gets fixed.
Thanks!
I'm not using that unsecure site manager as passwords are stored unencrypted (!) in a plain xml/text file, easy accessible for malware and other bad guys. So why encrypt the connection at all then?!
I'm using FileZilla via cli within KeePass. The Connection type can be controlled with the "protocol" here in some way (sftp://, ftps://, ftpes://) but "ftp://" has to be plain FTP !
There has to be at least an option in the settings to control this automatic behaviour.
Changing the security settings for all ftp sites in the world is no reasonable way.
I'm now switching back to v3.9 until this gets fixed.
Thanks!