No shared cipher suite between FileZilla and vsftpd/openssl

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
jrodrigosm
500 Command not understood
Posts: 2
Joined: 2012-01-10 13:02
First name: Rodrigo
Last name: Serrano

No shared cipher suite between FileZilla and vsftpd/openssl

#1 Post by jrodrigosm » 2012-01-10 13:21

Hi,

Hello,

I'm trying to connect from a FileZilla client (v3.5.3 on Vista SP2 32bit) to a vsftpd server (v2.3.2 on Ubuntu 11.10). In the server, TLS services are implemented with OpenSSL 1.0.0e. I'm trying to connect using explicit FTPS. The client and the server are both in my LAN.

However, when I try to connect, I get the following error in Filezilla:

Code: Select all

Trace: GnuTLS alert 40: Handshake failed
Error:	GnuTLS error -12: A TLS fatal alert has been received.
On the server side, I get the following error in vsftpd's log:

Code: Select all

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
The server is configured to accept both SSLv3 and TLSv1.

I've been looking around and I'm not able to find a solution for this problem. It seems to me that the cipher suites used by FileZilla are somehow not being accepted by OpenSSL, but I do not understand why (or if this is actually the case), so I'm not able to solve the problem.

Any ideas? Thanks in advance for your help!

rybka
500 Command not understood
Posts: 2
Joined: 2012-01-10 16:22
First name: Chris
Last name: P

Re: No shared cipher suite between FileZilla and vsftpd/open

#2 Post by rybka » 2012-01-10 16:46

I encountered the same issue with FileZilla client v3.5.3 and vsftpd server. I was able to work around it by using a different cipher suite in vsftpd's configuration. Try to add the line bellow to your vsftpd.conf file.

Code: Select all

ssl_ciphers=AES128-SHA 

jrodrigosm
500 Command not understood
Posts: 2
Joined: 2012-01-10 13:02
First name: Rodrigo
Last name: Serrano

Re: No shared cipher suite between FileZilla and vsftpd/open

#3 Post by jrodrigosm » 2012-01-10 19:33

Thank you rybka!! I did a small variation of what you suggested (I set ssl_ciphers=HIGH), and it worked perfectly! I decided to use the HIGH cipher list instead of the suggested AES128-SHA because, given that I don't know which cipher suites are used in FileZilla, I did not want to risk a future FileZilla upgrade breaking the connection again.

Thank you again for the pointer!

rybka
500 Command not understood
Posts: 2
Joined: 2012-01-10 16:22
First name: Chris
Last name: P

Re: No shared cipher suite between FileZilla and vsftpd/open

#4 Post by rybka » 2012-01-10 21:04

No problem, I’m glad you were able to resolve this issue.

tronzilla
500 Command not understood
Posts: 1
Joined: 2012-01-26 20:47

Re: No shared cipher suite between FileZilla and vsftpd/open

#5 Post by tronzilla » 2012-01-26 20:56

So I have been battling this one all day... Thank you ribka!

The only reason I found the answer here is because I turned:

debug_ssl=YES

on in the vsftpd.conf and restarted the service.

In the vsftpd.log you then receive the following extra information:

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

However, for future refrence, and to help others, this error appears as:

GnuTLS error -12: A TLS fatal alert has been received

Searching on the above does not lead you to the solution again provided in this thread.

Thanks again,

Carl

kevin192
421 Kicked by Administrator
Posts: 1
Joined: 2013-10-29 20:52
First name: Kevin
Last name: Andrews

Re: No shared cipher suite between FileZilla and vsftpd/open

#6 Post by kevin192 » 2013-10-29 20:55

tronzilla wrote:So I have been battling this one all day... Thank you ribka!

I was looking for the answer for a long time and I finally found it here. I turned:

debug_ssl=YES

on in the vsftpd.conf and restarted the service.

In the vsftpd.log you then receive the following extra information:

"SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

However, for future refrence, and to help others, this error appears as:

GnuTLS error -12: A TLS fatal alert has been received

Searching on the above does not lead you to the solution again provided in this thread.

Thanks again,

Carl
Hello Carl,

I am having the same error, but I don't quite understand what I need to do here. I would appreciate it if you explain a little but more. Thank you.
Last edited by kevin192 on 2013-11-03 17:56, edited 1 time in total.

User avatar
boco
Contributor
Posts: 23759
Joined: 2006-05-01 03:28
Location: Germany

Re: No shared cipher suite between FileZilla and vsftpd/open

#7 Post by boco » 2013-10-29 21:42

viewtopic.php?p=90187#p90187

Did you try updating the cipers used by the server?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Post Reply