We are facing an issue where the latest FileZilla client (Windows 10, 3.48.0, gnutls 3.6.12) is having intermittent communication issues to our pure-ftpd server over TLS.
We notice when transferring a large number of files, a small number of data connections (maybe a few hundred out of 5000 file transfers) will fail mid session, and most times the control session will also fail.
I was able to replicate the issue using a fresh docker container on our local network spec'ed out below. I used this container https://hub.docker.com/r/stilliard/pure-ftpd/
pure-ftpd server v1.0.49
TLS1.2 using cipher 0xc030 (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 or ECDHE-RSA-AES256-GCM-SHA384)
Server is on same LAN as Client, no firewalls, connected by single basic switch.
Without TLS (plaintext) I see no issues on the latest client.
I found an old version of FileZilla that we had lying around (v3.9.0.6, gnutls 3.2.19) that does NOT have these issues while using TLS. Checking with Wireshark, the same cipher (0xc030) is used.
I'm not quite sure where the issue is (the server, or the client) but I can only assume that there is some incompatibility between the versions of OpenSSL/GnuTLS that are being used?
Debug log when the PASV DATA connection fails. Interesting to note that the connection succeeded, but after transferring some data it failed.
2020-05-18 15:17:48 17536 4 Status: Starting download of /public_html/wp-content/plugins/someplugin/somefile.php
2020-05-18 15:17:48 17536 4 Command: PASV
2020-05-18 15:17:48 17536 4 Response: 227 Entering Passive Mode (10,X,X,105,117,51)
2020-05-18 15:17:48 17536 4 Command: RETR somefile.php
2020-05-18 15:17:48 17536 4 Response: 150-Accepted data connection
2020-05-18 15:17:48 17536 4 Response: 150 11.7 kbytes to download
2020-05-18 15:17:48 17536 4 Error: Could not read from socket: ECONNRESET - Connection reset by peer
2020-05-18 15:17:48 17536 4 Error: Disconnected from server
2020-05-18 15:17:48 17536 4 Error: File transfer failed after transferring 12,419 bytes in 1 second
Force reconnecting the client immediately resolves the "connection" issue.
Any help finding what may be causing this is much appreciated. Thank you!
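
A triage sketch for logs like the one above, as an added example that is not part of the original post: it groups FileZilla debug log lines by connection number, decodes the passive data port from the 227 reply, and lists transfers that were reset after the server's 150 reply, so each failure can be matched to its data connection in a packet capture. The connection-3 lines in the sample, the function name and the assumed line layout (date, time, process id, connection number, type, message) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: connection 4 is the failing transfer from the post;
# connection 3 is an invented successful transfer for contrast.
SAMPLE_LOG = """\
2020-05-18 15:17:47 17536 3 Command: PASV
2020-05-18 15:17:47 17536 3 Response: 227 Entering Passive Mode (10,X,X,105,117,50)
2020-05-18 15:17:47 17536 3 Command: RETR other.php
2020-05-18 15:17:47 17536 3 Response: 150 Accepted data connection
2020-05-18 15:17:47 17536 3 Response: 226 File successfully transferred
2020-05-18 15:17:48 17536 4 Command: PASV
2020-05-18 15:17:48 17536 4 Response: 227 Entering Passive Mode (10,X,X,105,117,51)
2020-05-18 15:17:48 17536 4 Command: RETR somefile.php
2020-05-18 15:17:48 17536 4 Response: 150-Accepted data connection
2020-05-18 15:17:48 17536 4 Response: 150 11.7 kbytes to download
2020-05-18 15:17:48 17536 4 Error: Could not read from socket: ECONNRESET - Connection reset by peer
2020-05-18 15:17:48 17536 4 Error: File transfer failed after transferring 12,419 bytes in 1 second
"""

# timestamp, process id (ignored), connection number, line type, message
LINE = re.compile(r"^(\S+ \S+) \d+ (\d+) (\w+): (.*)$")
PASV = re.compile(r"^227 .*\(([^)]*)\)")

def find_reset_transfers(log_text):
    """Return transfers that hit ECONNRESET after the data connection was accepted."""
    state, failures = defaultdict(dict), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, conn, kind, msg = m.groups()
        s = state[conn]                      # per-connection transfer state
        if kind == "Command" and msg == "PASV":
            s.clear()                        # a new transfer starts here
        elif kind == "Response" and (p := PASV.match(msg)):
            octets = p.group(1).split(",")   # host octets may be redacted
            if len(octets) == 6 and octets[4].isdigit() and octets[5].isdigit():
                s["port"] = int(octets[4]) * 256 + int(octets[5])
        elif kind == "Command" and msg.startswith(("RETR ", "STOR ")):
            s["file"] = msg.split(" ", 1)[1]
        elif kind == "Response" and msg.startswith("150"):
            s["accepted"] = True             # data connection was established
        elif kind == "Response" and msg.startswith("226"):
            s.clear()                        # transfer completed normally
        elif kind == "Error" and "ECONNRESET" in msg and s.get("accepted"):
            failures.append({"time": ts, "conn": int(conn),
                             "file": s.get("file"), "port": s.get("port")})
            s.clear()
    return failures
```

The reported port can be used as a Wireshark display filter (for example `tcp.port == 30003`) to see which side sent the reset on the failed data connection.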