#10624 closed Bug report (rejected)
GnuTLS error -15: An unexpected TLS packet was received
| Reported by: | difazio | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | FileZilla Client |
| Keywords: | GnuTLS AIX unexpexted packet | Cc: | |
| Component version: | 3.12.0.2 | Operating system type: | Windows |
| Operating system version: | Windows 7 Enterprise |
Description
Filezilla fails to connect to an AIX system from a windows client.
Tested cuteftp - same environment no issues.
Status: Connecting to 10.241.209.195:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to 10.241.209.195:21...
Status: Connection established, waiting for welcome message...
Response: 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
Command: AUTH TLS
Response: 234 Using authentication type TLSv1
Status: Initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server
Attachments (3)
Change History (7)
by , 9 years ago
| Attachment: | filezilla-ftp-fail.txt added |
|---|
by , 9 years ago
| Attachment: | cute-ftp-no-problem.txt added |
|---|
wire shark text output of cuteftp working same environment
comment:1 by , 9 years ago
I have wire shark raw files. They were to big to upload. email me if you need them
comment:2 by , 9 years ago
| Resolution: | → rejected |
|---|---|
| Status: | new → closed |
Look at frame 1035. The server sends a plaintext message after accepting the AUTH TLS command.
This violates the specifications in two ways:
a) It is not allowed to send a reply unless there has been a preceding command. There is no command preceding the error message.
b) After accepting the AUTH TLS command, the server MUST NOT speak plaintext
Please contact your server administrator or server hosting provider for assistance so that the server's FTP over TLS support can be made to comply with the specifications.
comment:3 by , 9 years ago
Please let me clarify
IP 10.241.212.151 is the filezilla windows client
10.241.209.195 is the AIX server.
Frame 1035 is the response from the aix server rejecting the request.
Frame 1034 from the filezilla windows client appears to be the cause of the rejection.
comment:4 by , 9 years ago
Frame 1034 is a TLS client_hello packet, it is not an FTP command and as such the server MUST NOT send an FTP reply, it must send a TLS handshake packet, of it it doesn't like what it sees in the client_hello, send a TLS alert.
wire shark text output of failure using zilezilla