Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#10624 closed Bug report (rejected)

GnuTLS error -15: An unexpected TLS packet was received

Reported by: difazio Owned by:
Priority: high Component: FileZilla Client
Keywords: GnuTLS AIX unexpexted packet Cc:
Component version: 3.12.0.2 Operating system type: Windows
Operating system version: Windows 7 Enterprise

Description

Filezilla fails to connect to an AIX system from a windows client.
Tested cuteftp - same environment no issues.

Status: Connecting to 10.241.209.195:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to 10.241.209.195:21...
Status: Connection established, waiting for welcome message...
Response: 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
Command: AUTH TLS
Response: 234 Using authentication type TLSv1
Status: Initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server

Attachments (3)

filezilla-ftp-fail.txt (109.0 KB) - added by difazio 5 years ago.
wire shark text output of failure using zilezilla
cute-ftp-no-problem.txt (213.3 KB) - added by difazio 5 years ago.
wire shark text output of cuteftp working same environment
filezila-error.txt (650 bytes) - added by difazio 5 years ago.
error

Download all attachments as: .zip

Change History (7)

Changed 5 years ago by difazio

Attachment: filezilla-ftp-fail.txt added

wire shark text output of failure using zilezilla

Changed 5 years ago by difazio

Attachment: cute-ftp-no-problem.txt added

wire shark text output of cuteftp working same environment

Changed 5 years ago by difazio

Attachment: filezila-error.txt added

error

comment:1 Changed 5 years ago by difazio

I have wire shark raw files. They were to big to upload. email me if you need them

comment:2 Changed 5 years ago by Tim Kosse

Resolution: rejected
Status: newclosed

Look at frame 1035. The server sends a plaintext message after accepting the AUTH TLS command.

This violates the specifications in two ways:
a) It is not allowed to send a reply unless there has been a preceding command. There is no command preceding the error message.
b) After accepting the AUTH TLS command, the server MUST NOT speak plaintext

Please contact your server administrator or server hosting provider for assistance so that the server's FTP over TLS support can be made to comply with the specifications.

comment:3 Changed 5 years ago by difazio

Please let me clarify
IP 10.241.212.151 is the filezilla windows client
10.241.209.195 is the AIX server.
Frame 1035 is the response from the aix server rejecting the request.
Frame 1034 from the filezilla windows client appears to be the cause of the rejection.

comment:4 Changed 5 years ago by Tim Kosse

Frame 1034 is a TLS client_hello packet, it is not an FTP command and as such the server MUST NOT send an FTP reply, it must send a TLS handshake packet, of it it doesn't like what it sees in the client_hello, send a TLS alert.

Note: See TracTickets for help on using tickets.