We ourselves have several VSFTPd (v3.0.3) and proFTPd (v1.3.6) servers running on Debian 9 and/or Ubuntu 18.04 systems.
On some of these we use the deb.sury.org repo that provides a current openssl (v1.1.1a) library.
"Unfortunately" this also means that the ftp service on these servers will run with this openssl library and advertise TLS 1.3 support.
Since Filezilla v3.40 this leads to the problem that file uploads will fail sometimes and show the following error messages:
Code:
Command: LIST -a
Response: 150 Here comes the directory listing.
Response: 226 Directory send OK.
Command: EPSV
Response: 229 Entering Extended Passive Mode (|||13136|)
Command: STOR 0104724255.png
Response: 150 Ok to send data.
Response: 426 Failure reading network stream.
Error: File transfer failed
Status: Retrieving directory listing of "/_data"...
Status: Directory listing of "/_data" successful
Status: Disconnected from server
Error: GnuTLS error -15: An unexpected TLS packet was received.
Status: Disconnected from server: ECONNABORTED - Connection aborted
Code:
Command: TYPE I
Response: 200 Type set to I
Command: EPSV
Response: 229 Entering Extended Passive Mode (|||13118|)
Command: STOR 0104724255.png
Response: 150 Opening BINARY mode data connection for 0104724255.png
Response: 450 Transfer aborted. Link to file server lost
Error: File transfer failed
Status: File transfer successful, transferred 15'369 bytes in 1 second
Status: Starting upload of D:\_Temp\0104724255.png
Status: Retrieving directory listing of "/httpdocs/test"...
Yes, I know that officially/currently both vsftpd and proftpd do not (fully) support TLS 1.3.
There is also no way to manually/forcefully disable TLS 1.3 support for these two ftp servers in a configuration file.
I did also read in this forum that pureftp shows similar/same symptoms with TLS 1.3, though we did not test pureftp ourselves.
This leaves me a bit questioning if the Filezilla client v3.40 TLS 1.3 implementation is really flawless, as it seems to not work with any ftp server out there...
But nonetheless, and while I still suspect that ALL these ftp servers are broken in regards to TLS 1.3, they all still advertise TLS 1.3 when running on a system with openssl 1.1.1x and with no simple way to disable it.
So, how hard would it be to implement an option in Filezilla, to disable TLS 1.3 on the client side of things? (similar to how WinSCP allows)
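A way to check from the client side whether the TLS 1.3 negotiation is what breaks uploads, added here as an example and not part of the original post: it uploads a small probe file over explicit FTPS once with TLS 1.3 allowed and once capped at TLS 1.2, and reports the version negotiated on the control and data connections. The function names and the probe file name `tls-probe.bin` are assumptions; host and credentials are supplied by the caller.

```python
import ssl
from ftplib import FTP_TLS, all_errors


def make_context(max_version=ssl.TLSVersion.TLSv1_2, verify=True):
    """Client context whose highest offered TLS version is max_version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    if not verify:  # only for test servers with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_upload(host, user, password, ctx, name="tls-probe.bin", size=16384):
    """STOR a small file over explicit FTPS and record what happened."""
    result = {"control": None, "data": None, "ok": False, "error": None}
    ftp = FTP_TLS(context=ctx, timeout=15)
    try:
        ftp.connect(host, 21)
        ftp.login(user, password)      # issues AUTH TLS before USER/PASS
        ftp.prot_p()                   # protect the data connection too
        result["control"] = ftp.sock.version()
        ftp.voidcmd("TYPE I")
        conn = ftp.transfercmd("STOR " + name)
        result["data"] = conn.version()
        conn.sendall(b"\0" * size)
        conn.unwrap()                  # TLS shutdown; a failure here is reported
        conn.close()
        ftp.voidresp()                 # raises unless the server answers 2xx
        result["ok"] = True
    except all_errors as exc:          # includes OSError, hence ssl.SSLError
        result["error"] = repr(exc)
    finally:
        ftp.close()
    return result


def compare(host, user, password, verify=True):
    """Run the probe with TLS 1.3 allowed, then capped at TLS 1.2."""
    return {v.name: probe_upload(host, user, password, make_context(v, verify))
            for v in (ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2)}
```

If the `TLSv1_3` run fails and the `TLSv1_2` run succeeds against the same server, the version negotiation is the variable that matters. Python's `ftplib` does not resume the control-channel TLS session on the data connection, so a server configured to require session reuse will reject the transfer in both runs.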