Server did not properly shut down TLS connection

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Locked
Message
Author
soh_rah
500 Command not understood
Posts: 2
Joined: 2008-07-30 17:13
First name: Sohi
Last name: Rashed

Server did not properly shut down TLS connection

#1 Post by soh_rah » 2008-07-30 18:28

Hi,

I am getting an error saying that "Server did not properly shut down TLS connection" when I try to connect to a secure server.
after that I get the following lines:

Could not read from transfer socket: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
Error: Connection closed by server

Can anybody help me figure out what is wrong.

Thanks,
Sohi.

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server did not properly shut down TLS connection

#2 Post by botg » 2008-07-30 20:07

You need to upgrade to a better server. Like for example FileZilla Server 0.9.27 or vsftpd 2.0.7, those are known to perform the mandatory SSL/TLS shutdown as required by the specifications.

rleach
500 Command not understood
Posts: 1
Joined: 2008-09-26 14:26
First name: R
Last name: Leach

Re: Server did not properly shut down TLS connection

#3 Post by rleach » 2008-09-26 14:39

We are having the same problem but only with the Filezilla client on a linux box.

We are running vsftpd 2.0.5 on Debian Linux using secure SSL in passive mode.
We have multiple clients on both windows and linux boxes connecting to this server without any problem, they receive no errors.
This includes the FileZilla client on a windows box (it connects wtihout a problem).

The only client that fails and receives the "Server did not properly shutdown TLS connection" is the FileZilla client on a Linux box.
We are using Filezilla 3.1.3 on a Debian Linux when this failure occures.

It seems to us if this were a server issue it would fail for all clients and not just the Filezilla/Linux client.

da chicken
226 Transfer OK
Posts: 619
Joined: 2005-11-02 06:41

Re: Server did not properly shut down TLS connection

#4 Post by da chicken » 2008-09-26 15:15

Vsftpd prior to 2.0.7 will not properly shutdown TLS connections. FileZilla clients version 3.1.0.1 and later will issue a fatal error due to potential security issues with this bug. The changelog is still advertising the fix on the main page: http://vsftpd.beasts.org/.

You'll need to either push the Debian package maintainers to backport the patch in 2.0.7 or build 2.0.7 from the tarball source.

Ubuntu people having the same problem:
http://ubuntuforums.org/showthread.php?t=880724

I don't entirely agree with the solution provided there (it strikes me as a bit too kludgey to use make and not make install) but it would work.

evildan
500 Command not understood
Posts: 1
Joined: 2008-10-15 11:02
First name: Daniel
Last name: Ang

Re: Server did not properly shut down TLS connection

#5 Post by evildan » 2008-10-15 11:09

Hi:

I'm getting the same problem. I'm running Filezilla 3.1.3.1 on MacOS 10.5.5.

The ftp server is ran under Linux Debian, Proftpd 1.2.10.

I used to be able to log in using TLS/SSL on older version of Filezillas on my Mac, but not now. However i still can log in using normal FTP instead of FTPES.

I have another client running Kubuntu, no problem logging in using Filezilla FTPES mode.

Is this a server or client side problem?

Log:

Status: Disconnected from server
Status: Resolving address of x
Status: Connecting to x...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (Audittv (Singnet 1)) [119.73.142.192]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER daniel
Status: TLS/SSL connection established.
Response: 331 Password required for x.
Command: PASS ********
Response: 230 User daniel logged in.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (x,239,111).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted

Response: 226 Transfer complete.
Error: Failed to retrieve directory listing

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server did not properly shut down TLS connection

#6 Post by botg » 2008-10-15 12:00

Is this a server or client side problem?
It's lack of reading comprehension on your part. This question has been answered before in this very thread.

RobertMJ
500 Command not understood
Posts: 1
Joined: 2008-10-28 00:11
First name: Robert
Last name: Johnson

Re: Server did not properly shut down TLS connection

#7 Post by RobertMJ » 2008-10-28 00:15

It's lack of reading comprehension on your part
Nice dick response :evil: , great support.

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server did not properly shut down TLS connection

#8 Post by botg » 2008-10-28 09:18

RobertMJ wrote:Nice dick response :evil: , great support.
Thanks for appreciating my support. However I'm not Richard, I'm Tim.

anichin
500 Command not understood
Posts: 1
Joined: 2009-04-27 15:22
First name: Angel
Last name: Anichin

Re: Server did not properly shut down TLS connection

#9 Post by anichin » 2009-04-27 15:28

Is there a way to make FileZilla ignore this bug on the server ?

I am using FileZilla to connect to a server which I have no control over. I am uploading files, not downloading and I would like to use my favourite ftp client. Do not want to install CuteFTP or anything else. What can I do ?

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server did not properly shut down TLS connection

#10 Post by botg » 2009-04-27 16:24

No, because it's a security vulnerability.

franc
500 Syntax error
Posts: 12
Joined: 2009-09-11 22:40

Re: Server did not properly shut down TLS connection

#11 Post by franc » 2009-09-12 10:08

You need to compile FileZilla yourself, with a switch to get rid of this "great security feature".

For me it is simple: i just don't use FileZilla 3.x but the much better program "<vulnerable program>".

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Server did not properly shut down TLS connection

#12 Post by botg » 2009-09-12 12:00

Have fun using vulnerable software. People like you are the reason why malware is spreading so fast.

Locked