Opened 6 months ago

Last modified 6 months ago

#11916 new Bug report

After upgrade 3.42.1, TLS connections to proftpd server broke

Reported by: flyvehest Owned by:
Priority: normal Component: FileZilla Client
Keywords: tls Cc:
Component version: 3.42.1 Operating system type:
Operating system version: Windows 7

Description

After getting reports on connection errors, I tested my setup, which worked fine. (Unfortunately, i'm not sure what version I was running at the time, but it was not more than a couple months old)

I then upgrade FileZilla to latest, and when I connect to my ProFTPd server now, I get the following errors clientside

Response:	150 Opening BINARY mode data connection for file list
Error:	GnuTLS error -58: An illegal TLS extension was received.
Error:	The data connection could not be established: ECONNABORTED - Connection aborted
Response:	425 Unable to build data connection: Operation not permitted
Error:	Failed to retrieve directory listing

and this is what I see serverside

2019-05-12 09:37:05,083 mod_tls/2.8[18]: TLS/TLS-C requested, starting TLS handshake
2019-05-12 09:37:05,090 mod_tls/2.8[18]: client supports secure renegotiations
2019-05-12 09:37:05,090 mod_tls/2.8[18]: TLSv1.2 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
2019-05-12 09:37:05,154 mod_tls/2.8[18]: Protection set to Private
2019-05-12 09:37:05,157 mod_tls/2.8[18]: unable to accept TLS connection: system call error: [104] Connection reset by peer
2019-05-12 09:37:05,157 mod_tls/2.8[18]: unable to open data connection: TLS negotiation failed

Server is setup with session reuse, and everything was running fine before updating.

Change History (3)

comment:1 Changed 6 months ago by flyvehest

Found out that the ProFTPd was compiled against libressl, redid the server using openssl and everything works again.

It might be in the projects interest to look into why it doesn't work when connecting to a libressl based TLS installation, though.

comment:2 Changed 6 months ago by Tim Kosse

Status: newmoreinfo

Which version of libressl were you using?

comment:3 Changed 6 months ago by flyvehest

Status: moreinfonew

According to Alpines repository (I was using 3.8), it looks like its 2.7.5-r0

https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/libressl

Note: See TracTickets for help on using tickets.