Opened 5 years ago

Last modified 5 years ago

#11916 new Bug report

After upgrade 3.42.1, TLS connections to proftpd server broke

Reported by: flyvehest Owned by:
Priority: normal Component: FileZilla Client
Keywords: tls Cc:
Component version: 3.42.1 Operating system type:
Operating system version: Windows 7


After getting reports on connection errors, I tested my setup, which worked fine. (Unfortunately, i'm not sure what version I was running at the time, but it was not more than a couple months old)

I then upgrade FileZilla to latest, and when I connect to my ProFTPd server now, I get the following errors clientside

Response:	150 Opening BINARY mode data connection for file list
Error:	GnuTLS error -58: An illegal TLS extension was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Response:	425 Unable to build data connection: Operation not permitted
Error:	Failed to retrieve directory listing

and this is what I see serverside

2019-05-12 09:37:05,083 mod_tls/2.8[18]: TLS/TLS-C requested, starting TLS handshake
2019-05-12 09:37:05,090 mod_tls/2.8[18]: client supports secure renegotiations
2019-05-12 09:37:05,090 mod_tls/2.8[18]: TLSv1.2 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
2019-05-12 09:37:05,154 mod_tls/2.8[18]: Protection set to Private
2019-05-12 09:37:05,157 mod_tls/2.8[18]: unable to accept TLS connection: system call error: [104] Connection reset by peer
2019-05-12 09:37:05,157 mod_tls/2.8[18]: unable to open data connection: TLS negotiation failed

Server is setup with session reuse, and everything was running fine before updating.

Change History (3)

comment:1 by flyvehest, 5 years ago

Found out that the ProFTPd was compiled against libressl, redid the server using openssl and everything works again.

It might be in the projects interest to look into why it doesn't work when connecting to a libressl based TLS installation, though.

comment:2 by Tim Kosse, 5 years ago

Status: newmoreinfo

Which version of libressl were you using?

comment:3 by flyvehest, 5 years ago

Status: moreinfonew

According to Alpines repository (I was using 3.8), it looks like its 2.7.5-r0

Note: See TracTickets for help on using tickets.