Determing version of TLS used on server

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Determing version of TLS used on server

#1 Post by criskris » 2019-11-25 21:35

I have inherited a Filezilla Server and trying to determining which version of TLS is being for FTP over SSL/TLS.

How can find that?

User avatar
boco
Contributor
Posts: 24784
Joined: 2006-05-01 03:28
Location: Germany

Re: Determing version of TLS used on server

#2 Post by boco » 2019-11-26 01:02

The only supported FileZilla Server version is 0.9.60 - that one is providing FTP over TLS 1.2. Note that the negotiated TLS version can be lower, if the client does not support TLS 1.2. Lowest possible is 1.0, AFAIK. The old SSL versions are not possible.

Hint: Use FileZilla to connect to your server, then click the lock at the lower right. Session details reveals the TLS version used.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Re: Determing version of TLS used on server

#3 Post by criskris » 2019-11-26 14:28

I am using server

FileZilla Server version 0.9.48 beta

Is that any different in regards to TLS security?

User avatar
boco
Contributor
Posts: 24784
Joined: 2006-05-01 03:28
Location: Germany

Re: Determing version of TLS used on server

#4 Post by boco » 2019-11-26 17:39

Yes. Several security issues have been fixed since then. You absolutely MUST update.

https://filezilla-project.org/versions.php?type=server
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Re: Determing version of TLS used on server

#5 Post by criskris » 2019-11-27 14:01

I don't have permissions yet to upgrade the server. I just need to figure out if this version of the server will accomodate TLS 1.2.

User avatar
botg
Site Admin
Posts: 32472
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Determing version of TLS used on server

#6 Post by botg » 2019-11-27 14:13

You need to find a new job ASAP. Bad policies like that are going to result in disaster eventually.

criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Re: Determing version of TLS used on server

#7 Post by criskris » 2019-11-27 14:31

I appreciate everyone's help and suggestions but I just need to know which version of TLS is supported by that version of server.

User avatar
botg
Site Admin
Posts: 32472
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Determing version of TLS used on server

#8 Post by botg » 2019-11-27 15:53

We cannot support outdated versions of FileZilla Server.

criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Re: Determing version of TLS used on server

#9 Post by criskris » 2019-12-02 21:03

We have upgraded the FileZilla Server software but now we are getting the following issues when trying to upload files.

(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> TLS connection for data connection established
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 226 Successfully transferred "/"
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> PASV
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 227 Entering Passive Mode (67,221,232,186,196,203)
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> STOR Loan Pal Actions.xlsx
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 150 Opening data channel for file upload to server of "/Loan Pal Actions.xlsx"
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 550 Could not open file for writing.
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> PASV
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 227 Entering Passive Mode (67,221,232,186,198,141)
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> MLSD
(000228)12/2/2019 14:58:16 PM - bremer (199.189.127.1)> 150 Opening data channel for directory listing of "/"
(000228)12/2/2019 14:58:17 PM - bremer (199.189.127.1)> TLS connection for data connection established
(000228)12/2/2019 14:58:17 PM - bremer (199.189.127.1)> 226 Successfully transferred "/"


Can you help me figure out what setting is causing this issue?

User avatar
boco
Contributor
Posts: 24784
Joined: 2006-05-01 03:28
Location: Germany

Re: Determing version of TLS used on server

#10 Post by boco » 2019-12-02 23:03

One possibility is the AV software, locking the file while scanning.
A second possibility is that another program/process on the server machine is holding the file open (Excel, maybe?).
Third possibility: The service part of FileZilla Server did run under a different user account, previously. As updating re-installs the service, the service account gets reset to SYSTEM and needs to be configured again.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

criskris
504 Command not implemented
Posts: 6
Joined: 2019-11-25 21:25
First name: Cristopher
Last name: Arias

Re: Determing version of TLS used on server

#11 Post by criskris » 2019-12-04 15:14

Thank you.

It was number 3. we are still having some trouble with people accessing via automated protocols. Below is an error that we had received from the client.

“TLS session of data connection has not resumed or the session does not match the control connection”

User avatar
boco
Contributor
Posts: 24784
Joined: 2006-05-01 03:28
Location: Germany

Re: Determing version of TLS used on server

#12 Post by boco » 2019-12-04 19:08

The mentioned error message is the result of a security vulnerability in the accessing clients. By default, FileZilla Server requires every client to support TLS session resumption (for mitigation of connection stealing attacks).

For a short-term workaround, you can disable TLS session resumption requirement*, but the affected clients should be fixed urgently.



*Uncheck the highlighted checkbox.

Image
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Post Reply