GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#1 Post by docimart » 2010-12-12 16:48

i have succesfully created a ftp server on linux with vsftpd as server, and filezilla as client
i have configured vsftpd to get secure connections.
it works, and i can connect to my server.

however, when i got a secure connection, i get an error after some moments:

Code: Select all

GnuTLS error -8 a Datta packet has been received with an unvalid version
connection with the server broken. ECONNABORTED - Connection aborted
what does that mean, and how can i solve it?

info of filezilla:

Code: Select all

FileZilla Client
----------------

Version:          3.3.5.1

Build information:
  Compiled for:   i686-pc-linux-gnu
  Compiled on:    i686-pc-linux-gnu
  Build date:     2010-12-12
  Compiled with:  gcc (SUSE Linux) 4.5.0 20100604 [gcc-4_5-branch revision 160292]
  Compiler flags: -O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-protector -Wall -g -fexceptions

Linked against:
  wxWidgets:      2.8.10
  GnuTLS:         2.8.6

Operating system:
  Name:           Linux 2.6.34.7-0.5-default i686
  Version:        2.6
i got the feeling that GnuTLS version 2.8.6 is the issue here.

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#2 Post by botg » 2010-12-12 17:09

Which version of vsftpd? Which TLS library (product and version) does vsftp link against?

Also, please post a complete log of the connection attempt.

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#3 Post by docimart » 2010-12-12 17:50

vsftpd version:

Code: Select all

~> rpm -q vsftpd
vsftpd-2.2.2-2.4.i586
tls library:

Code: Select all

> rpm -qa | grep tls
libgnutls-extra26-2.8.6-2.3.1.i586
gnutls-2.8.6-2.3.1.i586
libgnutls-devel-2.8.6-2.3.1.i586
libgnutls-extra-devel-2.8.6-2.3.1.i586
libgnutls26-2.8.6-2.3.1.i586
output of connection:( ps,, i can connect) however,, after some minites i get the error

Code: Select all

Status:	Connecting to 127.0.0.1:21...
Status:	Connection established, waiting for welcome message...
Response:	220 (vsFTPd 2.2.2)
Command:	AUTH TLS
Response:	234 Proceed with negotiation.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER testuser
Status:	TLS/SSL connection established.
Response:	331 Please specify the password.
Command:	PASS ******
Response:	230 Login successful.
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Features:
Response:	 AUTH SSL
Response:	 AUTH TLS
Response:	 EPRT
Response:	 EPSV
Response:	 MDTM
Response:	 PASV
Response:	 PBSZ
Response:	 PROT
Response:	 REST STREAM
Response:	 SIZE
Response:	 TVFS
Response:	 UTF8
Response:	211 End
Command:	OPTS UTF8 ON
Response:	200 Always in UTF8 mode.
Command:	PBSZ 0
Response:	200 PBSZ set to 0.
Command:	PROT P
Response:	200 PROT now Private.
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/"
Command:	TYPE I
Response:	200 Switching to Binary mode.
Command:	PORT 127,0,0,1,183,31
Response:	200 PORT command successful. Consider using PASV.
Command:	LIST
Response:	150 Here comes the directory listing.
Response:	226 Directory send OK.
Status:	Directory listing successful
note,, i got: FTP over expliciet TLS/SSL as server type

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#4 Post by docimart » 2010-12-12 19:14

i noticed this topic:
http://forum.filezilla-project.org/view ... f=2&t=9011

i have reconfigured vsftpd,
no idea if it's solved for now

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#5 Post by botg » 2010-12-12 20:30

docimart wrote: tls library:

Code: Select all

> rpm -qa | grep tls
[...]
Unfortunately that only shows all installed packages with tls in their name. However, there are several TLS libraries which do not have tls in their name, e.g. OpenSSL or NSS.

You need to look at the actual dependencies of the vsftpd package to find out which TLS library it uses.

output of connection:( ps,, i can connect) however,, after some minites i get the error
Could it be some sort of idle timeout?

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#6 Post by docimart » 2010-12-13 15:46

botg wrote:
docimart wrote: tls library:

Code: Select all

> rpm -qa | grep tls
[...]
Unfortunately that only shows all installed packages with tls in their name. However, there are several TLS libraries which do not have tls in their name, e.g. OpenSSL or NSS.

You need to look at the actual dependencies of the vsftpd package to find out which TLS library it uses.

output of connection:( ps,, i can connect) however,, after some minites i get the error
Could it be some sort of idle timeout?
it can be a timeout
i have changed some settings in vsftpd.conf, and the time before users get kicked is very long now
hoever,, i am stil investigating this issue

i have this:
~> rpm -q openssl
openssl-1.0.0-6.3.1.i586

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#7 Post by docimart » 2010-12-13 16:23

ok,, a recab here:

vsftpd.conf:

Code: Select all

# Basic settings
listen=YES
anonymous_enable=NO
chmod_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf
use_localtime=YES
connect_timeout=72000000000000
ftpd_banner=Welkom, Recepción, Bienvenue, Welcome, Willkommen, 환영,  ברוכים הבאים

# Configure vsftpd for secure connections
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
version vsftpd:

Code: Select all

~> rpm -q vsftpd
vsftpd-2.2.2-2.4.i586
version filezilla:

Code: Select all

~> rpm -q filezilla
filezilla-3.3.5.1-2.1.i586
against what library's is filezilla compilled:

Code: Select all

BuildRequires:  flac-devel gcc-c++ gtk2-devel
BuildRequires:  cppunit libidn-devel 
BuildRequires:  libgcrypt-devel
BuildRequires:  libgpg-error-devel
%if !%with_intree_wxgtk
BuildRequires:  wxGTK-devel >= 2.8.10
%endif
%if !%with_intree_gnutls
BuildRequires:  libgnutls-devel >= 2.8.3
BuildRequires:  libtasn1-devel
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version}
BuildRequires:  update-desktop-files dbus-1-devel xdg-utils
%endif
%if 0%{?suse_version} > 1020
BuildRequires:  fdupes
%endif
actuall tls lib's"

Code: Select all

> rpm -qa | grep ssl
libopenssl-devel-1.0.0-6.3.1.i586
libopenssl1_0_0-1.0.0-6.3.1.i586
libopenssl0_9_8-0.9.8m-3.1.2.i586
openssl-1.0.0-6.3.1.i586
and:

Code: Select all

> rpm -qa | grep tls
libgnutls-extra26-2.8.6-2.3.1.i586
gnutls-2.8.6-2.3.1.i586
libgnutls-devel-2.8.6-2.3.1.i586
libgnutls-extra-devel-2.8.6-2.3.1.i586
libgnutls26-2.8.6-2.3.1.i586
current situation: ( 17h22min PM)
logged in using a secure connection, and waiting what happends.

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#8 Post by docimart » 2010-12-13 17:48

i was kicked out,
regardless what i have changed

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#9 Post by docimart » 2010-12-13 18:35

i am trying to compile filezilla against gnutls 2.10.2, instaed of 2.8.6
hope that solves the issue

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#10 Post by docimart » 2010-12-13 18:52

this is what i have build:

Code: Select all

libgnutls-devel-2.10.2-1.i586.rpm    libgnutls-extra-devel-2.10.2-1.i586.rpm
gnutls-2.10.2-1.i586.rpm        libgnutls26-2.10.2-1.i586.rpm       libgnutls-extra26-2.10.2-1.i586.rpm
tommorow i install these rpm's, and rebuild filezilla against gnutls 2.10.2

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#11 Post by botg » 2010-12-13 21:14

current situation: ( 17h22min PM)
Definitely long-running connections. Most time related complaints come from users being disconnected after a single minute or less :)

xeon
226 Transfer OK
Posts: 131
Joined: 2009-08-19 03:18

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#12 Post by xeon » 2010-12-13 23:44

I get the same error message as well I haven't noticed any disconnects or problems however.

http://forum.filezilla-project.org/view ... hp?t=14121

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#13 Post by docimart » 2010-12-14 05:01

botg wrote:
current situation: ( 17h22min PM)
Definitely long-running connections. Most time related complaints come from users being disconnected after a single minute or less :)
it was my current time,, not the time i am connected.

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#14 Post by docimart » 2010-12-14 05:03

xeon wrote:I get the same error message as well I haven't noticed any disconnects or problems however.

http://forum.filezilla-project.org/view ... hp?t=14121
remarkble
tonight i will continue my investigation

docimart
503 Bad sequence of commands
Posts: 18
Joined: 2010-12-12 16:39
First name: Du
Last name: de

Re: GnuTLS error -8 - filezilla 3.3.5.1 - vsftpd server

#15 Post by docimart » 2010-12-14 15:35

building in progress

Post Reply