Opened 6 months ago

Closed 6 months ago

Last modified 6 months ago

#11837 closed Bug report (rejected)

Unable to connect via ftpes:// on 3.40.0

Reported by: Disassembler Owned by:
Priority: high Component: FileZilla Client
Keywords: gnutls, ftpes, pureftpd Cc:
Component version: 3.40.0 Operating system type: Windows
Operating system version: 10

Description

After update to 3.40.0, I'm unable to connect from a Windows machine to several servers via ftpes:// protocol (FTP over Explicit TLS) on port 21. The connections work on 3.39.0 and in other software (WinSCP).

The server to which I'm trying to connect uses Pure-FTPd 1.0.46 linked against GnuTLS 3.5.18 (stock configuration on Ubuntu 18.04) and username+password authentication. TLS certificate is valid.

Messages from 3.39.0:

Status:	Resolving address of ftp.example.com
Status:	Connecting to 12.34.56.78:21...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Directory listing of "/" successful

Messages from 3.40.0:

Status:	Resolving address of ftp.example.com
Status:	Connecting to 12.34.56.78:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 15:44. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Command:	USER username
Error:	Could not connect to server

On subsequent try, this message is additionally reported

Error:	GnuTLS error -110: The TLS connection was non-properly terminated.
Status:	Server did not properly shut down TLS connection

My wild guess is that it has something to do with recent GnuTLS libs upgrade in 3.40.0.

Attachments (1)

filezilla-gnutls.txt (2.9 KB) - added by Disassembler 6 months ago.

Download all attachments as: .zip

Change History (5)

Changed 6 months ago by Disassembler

Attachment: filezilla-gnutls.txt added

comment:1 Changed 6 months ago by Tim Kosse

Resolution: rejected
Status: newclosed

That's a known bug in Pure-FTPd. See https://github.com/jedisct1/pure-ftpd/issues/94

comment:2 Changed 6 months ago by Tim Kosse

Contact your server administrator or server hosting provider for assistance to have the your server fixed.

comment:3 Changed 6 months ago by Disassembler

Yeah, I'm digging deeper and it indeed looks like server misconfiguration. Pure-FTPd is linked against OpenSSL, not GnuTLS and I have custom-compiled OpenSSL 1.1.1a, so the TLS 1.3 ciphersuites are offered but in fact not supported by PureFTPd itself :/ Apologies for undue alarm.

comment:4 Changed 6 months ago by Tim Kosse

The server to which I'm trying to connect uses Pure-FTPd 1.0.46 linked against GnuTLS 3.5.18

Please note that Pure-FTPd uses OpenSSL as TLS library, it does not use GnuTLS.

Note: See TracTickets for help on using tickets.