Opened 2 years ago

Last modified 23 months ago

#12666 new Bug report

Filezilla server 1.20 / 1.30 does not allow admin interface to connect ( possible tls issue)

Reported by: Wesley Owned by:
Priority: normal Component: FileZilla Server
Keywords: Cc:
Component version: Operating system type: Windows
Operating system version: 2016

Description

we are running filezilla server 1.30 ( previously 1.20 which also had the same issue)

the ftp server part runs fine
but the admin interface does not work ( log throws a tls error )

we have a production server and a testing server.
on the testing server it runs fine

the test server has more strict setup of enabled tls version and cipher suites ( see attachment)

i suspect it might be somewhere in the code where it chooses the encryption method for the local connection with the admin interface.

Attachments (3)

tls error.png (27.9 KB ) - added by Wesley 2 years ago.
error message
tls-schannel-testserver.png (66.9 KB ) - added by Wesley 2 years ago.
settings of test server
tls-schannel-production-server.png (67.0 KB ) - added by Wesley 2 years ago.
tls setting production

Download all attachments as: .zip

Change History (13)

by Wesley, 2 years ago

Attachment: tls error.png added

error message

by Wesley, 2 years ago

Attachment: tls-schannel-testserver.png added

settings of test server

by Wesley, 2 years ago

tls setting production

comment:1 by Tim Kosse, 2 years ago

Status: newmoreinfo

The third-party tool you are using has no impact on the TLS parameters negotiated by FileZilla Server.

Which port are you connecting to? Is it the same port configured during installation as administration port?

comment:2 by Wesley, 2 years ago

Status: moreinfonew

the thirdparty tool sets the schannel settings on the windows server os ( + cipher suites)
it was on the default port. i have tried setting it to a different port but i have the same problem(by running the installer again with a different port) .

if there is a way to better debug this and provide you with more information let mek now

comment:3 by Tim Kosse, 2 years ago

Status: newmoreinfo

FileZilla Server does not use schannel.

Could some firewall be blocking the communication?

comment:4 by Wesley, 2 years ago

Status: moreinfonew

no windows firewall is disabled, the normal FTP traffic works without a problem . its only the admin interface. when i select a wrong port i get the same message ( only not the GNU TLS error)

also amended the server OS in the issue ( its 2016 not 2012 R2)

comment:5 by Wesley, 2 years ago

Operating system version: 2012 R22016

comment:6 by Tim Kosse, 2 years ago

Status: newmoreinfo

What is being written into the server's log file, located in the Logs directory inside the installation directory?

comment:7 by Wesley, 2 years ago

Status: moreinfonew

Hello Tim,

the Logs directory is Empty. i found that we had logfiles in the 32bit version of the server ( we upgraded in October).

i have also renamed the filezilla-server-gui folder in appdata to see if that resolved anything

comment:8 by Wesley, 2 years ago

What are other options to check? @tim Kosse

comment:9 by Tim Kosse, 2 years ago

Status: newmoreinfo

the Logs directory is Empty. i found that we had logfiles in the 32bit version of the server ( we upgraded in October).

FileZilla Server does not support 32bit Windows.

I'm beginning to question this original statement:

the ftp server part runs fine

How did you check this? Did you ensure that there is no other FTP server running as well on the same machine?

comment:10 by Wesley, 23 months ago

Status: moreinfonew

@Tim

while testing on my own machine , i managed to trigger the root cause

a invalid certificate under Administration. once that is misconfigured and you exit the admin tool you cannot connect anymore until you modify the settings xml file under

C:\Windows\System32\config\systemprofile\AppData\Local\filezilla-server

i have fixed it by editing the line <tls min_protocol_version="2" index="1"> to <tls min_protocol_version="2" index="2"> and copying a fingerprint from a fresh installation
and removing the lines stating the path to the incorrect certificate

Last edited 23 months ago by Wesley (previous) (diff)
Note: See TracTickets for help on using tickets.