Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.
Moderator: Project members
-
gaba
- 504 Command not implemented
- Posts: 6
- Joined: 2020-04-23 18:00
- First name: Edward
#1
Post
by gaba » 2020-04-23 18:20
Hi!
After last update to version 3.47.2.1 on Debain Buster
(same as 3.48.0-rc1)
got an error while ftpes connection:
Code: Select all
220 Welcome to FTP.
CFtpLogonOpData::ParseResponse() in state 1
CControlSocket::SendNextCommand()
CFtpLogonOpData::Send() in state 2
AUTH TLS
CFtpControlSocket::OnReceive()
234 Proceed with negotiation.
CFtpLogonOpData::ParseResponse() in state 2
Инициализирую TLS...
tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received SERVER HELLO
TLS handshake: Processed SERVER HELLO
TLS handshake: Received CERTIFICATE
TLS handshake: Processed CERTIFICATE
TLS handshake: Received SERVER KEY EXCHANGE
TLS handshake: Processed SERVER KEY EXCHANGE
tls_layer_impl::failure(-89)
Ошибка: Ошибка GnuTLS -89: Public key signature verification has failed.
Статус: Не удалось установить соединение с "ECONNABORTED - Соединение прервано".
CRealControlSocket::OnSocketError(103)
CRealControlSocket::DoClose(66)
CControlSocket::DoClose(66)
CFtpControlSocket::ResetOperation(66)
CControlSocket::ResetOperation(66)
CFtpLogonOpData::Reset(66) in state 4
Previous version Filezilla work fine: 3.44 or 3.45
My system:
Debain Buster 5.4.0-0.bpo.4-amd64
GnuTLS 3.6.7-4+deb10u3
Remote server: vsftpd 3.0.3
How to fix this error?
-
botg
- Site Admin
- Posts: 35566
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#2
Post
by botg » 2020-04-24 08:48
Most likely something is wrong with the server's TLS configuration. What is the server's address?
-
gaba
- 504 Command not implemented
- Posts: 6
- Joined: 2020-04-23 18:00
- First name: Edward
#3
Post
by gaba » 2020-04-24 14:30
botg wrote: ↑2020-04-24 08:48
Most likely something is wrong with the server's TLS configuration. What is the server's address?
Previous version Filezilla work fine: 3.44 or 3.45
Now checked version 3.39 from Debian Buster - work fine.
-
botg
- Site Admin
- Posts: 35566
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#4
Post
by botg » 2020-04-24 15:00
The different client version is most likely just the trigger, not the cause.
What is the server's address?
-
gaba
- 504 Command not implemented
- Posts: 6
- Joined: 2020-04-23 18:00
- First name: Edward
#5
Post
by gaba » 2020-05-07 14:27
I tried on 2 servers.
First server (Gentoo Linux, vsftpd 3.0.3):
Code: Select all
tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received SERVER HELLO
TLS handshake: Processed SERVER HELLO
TLS handshake: Received CERTIFICATE
TLS handshake: Processed CERTIFICATE
TLS handshake: Received SERVER KEY EXCHANGE
TLS handshake: Processed SERVER KEY EXCHANGE
tls_layer_impl::failure(-89)
Ошибка: Ошибка GnuTLS -89: Public key signature verification has failed.
Second (Debian 9, vsftpd 3.0.3)
Code: Select all
tls_layer_impl::client_handshake()
tls_layer_impl::continue_handshake()
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_send()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
TLS handshake: Received HELLO RETRY REQUEST
TLS handshake: Processed HELLO RETRY REQUEST
TLS handshake: About to send CLIENT HELLO
TLS handshake: Sent CLIENT HELLO
tls_layer_impl::on_read()
tls_layer_impl::continue_handshake()
tls_layer_impl::failure(-12)
Ошибка: От сервера получено TLS оповещение: Illegal parameter (47)
On client Debain Buster, Filezilla 3.48.0
Previous version work fine (3.46.3).
If these errors are related to use TLSv1.1 and TLSv1.2, note that this patch is not applied in current version Vsftpd on Debian (Ubuntu, etc).
https://serverfault.com/questions/99623 ... sl-tlsv1-1
https://bugs.launchpad.net/ubuntu/+sour ... ug/1804430
-
botg
- Site Admin
- Posts: 35566
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#6
Post
by botg » 2020-05-08 07:13
What are the server addresses? Without stepping through the handshake this is impossible to diagnose.
-
gaba
- 504 Command not implemented
- Posts: 6
- Joined: 2020-04-23 18:00
- First name: Edward
#7
Post
by gaba » 2020-06-23 18:22
Check
5.135.156.19
51.75.74.153
Now when connect i get error: Illegal parameter (47)
I tryed Filezilla 3.48.1 on Debian Buster and latest Arch.
-
botg
- Site Admin
- Posts: 35566
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#8
Post
by botg » 2020-06-24 07:56
If it exists on your system, what are the contents of the file /etc/gnutls/config ?
-
gaba
- 504 Command not implemented
- Posts: 6
- Joined: 2020-04-23 18:00
- First name: Edward
#9
Post
by gaba » 2020-06-26 07:22
No, not found on all systems.
-
botg
- Site Admin
- Posts: 35566
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#10
Post
by botg » 2020-06-26 09:40
Could it possibly be a faulty firewall or other TLS inspecting/breaking middleware that cannot handle something in the handshake?