Can't connect with TLS/SSL in version 3.1.0

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
huggy59
500 Command not understood
Posts: 1
Joined: 2008-07-30 14:52
First name: Gordon
Last name: Cunningham

Re: Can't connect with TLS/SSL in version 3.1.0

#39 Post by huggy59 » 2008-07-30 15:02

While I agree that security issues such as these must be moved forward and supported, there is - in fact, there must be - room for overlap. We deal with some State and Federal government systems using explicit SSL - some on mainframes and minis - and given the nature of many entrenched legacy systems that are no longer under development at these levels, they are not likely to change any time soon.

May I suggest that until the rest of the world falls into line with upgraded server software that at least earlier versions of the Filezilla client be made available for download on your sites? If not, you are effectively saying, "You may not use Filezilla any more." Please make room for the overlap.

rayvd
504 Command not implemented
Posts: 11
Joined: 2008-07-29 20:13
First name: Ray
Last name: Van Dolson

Re: Can't connect with TLS/SSL in version 3.1.0

#40 Post by rayvd » 2008-07-30 15:09

The older clients are available for download on the Sourceforge download page. I am recommending 3.0.11.1 to users currently that require TLS/SSL.

3.0.11.1 here.

User avatar
boco
Contributor
Posts: 24544
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't connect with TLS/SSL in version 3.1.0

#41 Post by boco » 2008-07-30 15:18

Please note that 3.0.11.1 is already in my sticky, as it's by coincidence also the last working Windows 2000 version. I just hope that Sourceforge links will not become invalid anytime soon...
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

rayvd
504 Command not implemented
Posts: 11
Joined: 2008-07-29 20:13
First name: Ray
Last name: Van Dolson

Re: Can't connect with TLS/SSL in version 3.1.0

#42 Post by rayvd » 2008-07-30 15:38

ProFTPd bug opened. Jump on the CC or add your two cents to the discussion (especially if you're a developer).

rayvd
504 Command not implemented
Posts: 11
Joined: 2008-07-29 20:13
First name: Ray
Last name: Van Dolson

Re: Can't connect with TLS/SSL in version 3.1.0

#43 Post by rayvd » 2008-07-30 16:48

FYI, fix for ProFTPd has been committed to CVS. Also, since I (and perhaps others) use RHEL for this, built an RPM against the EPEL version (1.3.1) that includes this patch. You can snag it here or watch the RH bugzilla here.

maybewecan
500 Command not understood
Posts: 1
Joined: 2008-07-30 19:22
First name: Jeremy
Last name: Stevens

Re: Can't connect with TLS/SSL in version 3.1.0

#44 Post by maybewecan » 2008-07-30 19:26

I am having the same issues as all the users on this forum. I sent in an email to my support representative for Xlight FTP server and they sent me back the following reply:

"Hi,

That's not the case. SSL/TSL shutdown happens only when closing SSL/TLS
connection, not at the stage of connection setup.

Since your user can not connect, Filezilla must break something in their
code for SSL negotiation. Xlight FTP uses Microsoft CryptoAPI come with
Windows OS, SSL negotiation is handled by CryptoAPI also. That means
Filezilla breaks its compatibility with FTP Server using CryptoAPI,
including Microsoft IIS7 FTP."


Seems that there are some signals being mixed to me. Can somone tell me how I need to proceed as this is now a major issue for our company.

Thank you.

Cheers!

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#45 Post by botg » 2008-07-30 20:11

Tell them their server does not send the TLS closure alert as required by RFC 4346 section 7.2.1 upon closing the data connection.

whale
500 Syntax error
Posts: 16
Joined: 2008-07-24 03:22
First name: Franklin
Last name: Tse

Re: Can't connect with TLS/SSL in version 3.1.0

#46 Post by whale » 2008-07-31 08:33

That means Filezilla breaks its compatibility with FTP Server using CryptoAPI, including Microsoft IIS7 FTP."
Doesn't seem to be true. I can use FileZilla to connect with a FTP 7 for IIS 7 server via AUTH TLS successfully.

By the way, the issue will be fixed in the next version of Xlight FTP Server:
http://www.xlightftpd.com/forum/viewtopic.php?t=971

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#47 Post by botg » 2008-07-31 09:37

Since I have no account on their forums, I'll reply here to something one of their devs said:
close_notify
This message notifies the recipient that the sender will not send
any more messages on this connection. Note that as of TLS 1.1,
failure to properly close a connection no longer requires that a
session not be resumed. This is a change from TLS 1.0 to conform
with widespread implementation practice.
Resuming an interrupted session and shutting down a session are two completely different things, don't confuse them. This particular change allows reconnecting to the server and resuming the connection should it have been disrupted (e.g. temporary network outage). Note that it does require further application support for this and is not supported by FTP.

chromoplastic
500 Syntax error
Posts: 13
Joined: 2006-09-22 02:45

Re: Can't connect with TLS/SSL in version 3.1.0

#48 Post by chromoplastic » 2008-08-01 03:45

I there,

Since i started this thread many of us discovered that a lot of ftp servers have this TSL/SSL problem.

I can now say that the server in question in my case (Gene6) was upgraded to version 3.10.0 (Build 2) and now has no problem with FZ 3.1.0.1. All is well now.

But i have to say that this problem highlighted another question. As i understand, FZ developers are trying to build a strict standards compliant ftp client and this is good, but as less aware people upgrade to the new versions of FZ and bump on this problem, they will blame it on FZ rather than the flawed ftp server, just as i and others did at first. And as this users try other ftp clients that go around this problem the perception that FZ is the bad client stays, so this will hurt FZ in the end.

Nonetheless i'm happy that there's one less flawed ftp server out there, and that i can continue to use the latest versions of FZ, but i suggest that you shouldn't be so strict in this matter and implement a "relaxed" option somewhere in FZ's settings.

Keep up the good work.

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#49 Post by botg » 2008-08-01 08:32

Guess I should have made the log line that reads "Server did not properly shut down TLS connection" bold, underlined, font size 72 and blinking, full-screen of course.

User avatar
boco
Contributor
Posts: 24544
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't connect with TLS/SSL in version 3.1.0

#50 Post by boco » 2008-08-02 05:15

botg wrote:Guess I should have made the log line that reads "Server did not properly shut down TLS connection" bold, underlined, font size 72 and blinking, full-screen of course.
Make it the default desktop wallpaper.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Zuul24
500 Command not understood
Posts: 4
Joined: 2008-08-02 21:26
First name: Chas
Last name: Stokes

Re: Can't connect with TLS/SSL in version 3.1.0

#51 Post by Zuul24 » 2008-08-02 21:48

I am afraid I will have to stay downgraded also for the time being.

I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.

Until Serv-U corrects the problem on their side, I am pretty much stuck like the rest as I am not changing my FTP server software after using the same one since almost version 1.

Chas

User avatar
botg
Site Admin
Posts: 32213
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't connect with TLS/SSL in version 3.1.0

#52 Post by botg » 2008-08-02 22:10

I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.
Did you know that all proxy settings that were available in 2.x are completely back in 3.1.0.1?

Zuul24
500 Command not understood
Posts: 4
Joined: 2008-08-02 21:26
First name: Chas
Last name: Stokes

Re: Can't connect with TLS/SSL in version 3.1.0

#53 Post by Zuul24 » 2008-08-02 23:28

botg wrote:
I also never understood why filezilla removed all the proxy settings that it used to have. I am still stuck at version 2.0 at work forever.
Did you know that all proxy settings that were available in 2.x are completely back in 3.1.0.1?
No, I didn't. And that is great. I didn't have it on here long enough to see it.

I just can't update until a few of the FTP sites I use update their servers but I will definitely check that out.

Chas

Post Reply