Opened 17 years ago

Last modified 11 years ago

#2772 closed Feature request

AUTH SSL support missing from v3?

Reported by: jdrgoldeneagle Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc: jdrgoldeneagle, Tim Kosse, esigra@…
Component version: Operating system type:
Operating system version:

Description

Version 3 seems to be missing some of the SSL support that version 2 had.

In version 2 I could connect with a servertype of "FTP over SSL (explicit encryption)", which would send an "AUTH SSL" command to which I would receive a "234 AUTH TLS-P/SSL OK." response.

Version 3 has a servertype of "FTPES - FTP over explicit TLS/SSL", but this sends an "AUTH TLS" command and the server I'm trying to connect to responds with "234 AUTH TLS-C/TLS OK." and then times out when sending the "USER" command.

Perhaps this is a really a bug with the new "FTPES - FTP over explicit TLS/SSL" servertype (in which case I'll be glad to submit it to the bug list), but since it's trying to use "AUTH TLS" instead of "AUTH SSL", I'm assuming that it's a missing feature.

Change History (5)

comment:1 by Tim Kosse, 17 years ago

AUTH SSL has never been standardized, FileZilla only uses it as fallback if the AUTH TLS command as specified in RFC 4217 fails. That said, AUTH TLS works fine with all recent servers which accept this command.

Please post the full, unobfuscated contents of the message log of FileZilla with debug level set to 3.

comment:2 by jdrgoldeneagle, 17 years ago

It appears I was somewhat mistaken. It's not just AUTH SSL, as I can connect with AUTH TLS as well with v2 ("FTP over TLS (explicit encryption)"). I guess something else is happening with v3 (apparently this really is a bug rather than a missing feature). As you can see from the first log (v3), it appears to be connecting, and it sends the USER command, but then it hangs. V2 has no problems in either case, and both logs are listed for comparison.

[From FileZilla 3.0.3, using FTPES - FTP over explicit TLS/SSL]

Status: Selected port usually in use by a different protocol.
Status: Resolving IP-Address for ftp.site.com
Trace: ControlSocket.cpp(962): CRealControlSocket::ContinueConnect(012B6A60) m_pEngine=010D9278 caller=012CA0C8
Status: Connecting to aaa.bbb.ccc.ddd:10021...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 <<<Connect:Enterprise UNIX 2.3.00 Secure FTP>>> at bruin FTP server ready. Time = 13:30:09
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS-C/TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Command: USER userid
Error: Connection timed out
Trace: CFtpControlSocket::ResetOperation(2114)
Trace: CControlSocket::ResetOperation(2114)
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving IP-Address for ftp.site.com
Trace: ControlSocket.cpp(962): CRealControlSocket::ContinueConnect(012B8D28) m_pEngine=010D9278 caller=012CA0C8
Status: Connecting to aaa.bbb.ccc.ddd:10021...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 <<<Connect:Enterprise UNIX 2.3.00 Secure FTP>>> at bruin FTP server ready. Time = 13:30:30
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS-C/TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Command: USER userid
Error: Connection timed out
Trace: CFtpControlSocket::ResetOperation(2114)
Trace: CControlSocket::ResetOperation(2114)
Error: Could not connect to server
Status: Waiting to retry...
Error: Connection attempt interrupted by user

[From FileZilla 2.2.16, using FTP over SSL (explicit encryption)]

Status: Connecting to ftp.site.com:10021 ...
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 0 to 1 caller=0x003bc614
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 1 to 2 caller=0x003bc614
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 2 to 4 caller=0x003bc614
Trace: FtpControlSocket.cpp(921): OnConnect(0) OpMode=1 OpState=-8 caller=0x003bc614
Status: Connected with ftp.site.com:10021, negotiating SSL connection...
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-8 caller=0x003bc614
Response: 220 <<<Connect:Enterprise UNIX 2.3.00 Secure FTP>>> at bruin FTP server ready. Time = 13:36:45
Command: AUTH SSL
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-9 caller=0x003bc614
Response: 234 AUTH TLS-P/SSL OK.
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-10 caller=0x003bc614
Trace: SSL_connect: SSLv3 read server hello A
Trace: SSL_connect: SSLv3 read server certificate A
Trace: SSL_connect: SSLv3 read server done A
Trace: SSL_connect: SSLv3 write client key exchange A
Trace: SSL_connect: SSLv3 write change cipher spec A
Trace: SSL_connect: SSLv3 write finished A
Trace: SSL_connect: SSLv3 flush data
Trace: SSL_connect: SSLv3 read finished A
Trace: Using SSLv3, cipher TLSv1/SSLv3: AES128-SHA, 1024 bit RSA
Status: SSL connection established. Waiting for welcome message...
Command: USER userid
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=0 caller=0x003bc614
Response: 331 Password required for userid.
Command: PASS
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=3 caller=0x003bc614
Response: 230 Connect:Enterprise UNIX login ok, access restrictions apply.
Command: FEAT
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-13 caller=0x003bc614
Response: 500 'FEAT': command not understood.
Command: SYST
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-14 caller=0x003bc614
Response: 215 UNIX Type: L8
Command: PBSZ 0
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-11 caller=0x003bc614
Response: 200 PBSZ 0 OK.
Command: PROT P
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-12 caller=0x003bc614
Response: 200 PROT P OK, data channel will be secured.
Status: Connected
Trace: FtpControlSocket.cpp(3882): ResetOperation(1) OpMode=1 OpState=-12 caller=0x003bc614
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",1) OpMode=0 OpState=-1 caller=0x003bc614
Status: Retrieving directory listing...
Command: PWD
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=0 caller=0x003bc614
Response: 257 "/userid" is current directory.
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=0 caller=0x003bc614
Command: TYPE A
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=8 caller=0x003bc614
Response: 200 Type set to A.
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=8 caller=0x003bc614
Command: PASV
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=7 caller=0x003bc614
Response: 227 Entering Passive Mode (aaa,bbb,ccc,ddd,40,60)
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=7 caller=0x003bc614
Trace: TransferSocket.cpp(577): SetActive() caller=0x01672f1c
Command: LIST
Trace: TransferSocket.cpp(465): OnConnect(0) caller=0x01672f1c
Trace: TransferSocket.cpp(1172): m_pSslLayer changed state from 0 to 4 caller=0x01672f1c
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=9 caller=0x003bc614
Response: 150 Opening ASCII mode data connection for .
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=9 caller=0x003bc614
Trace: TransferSocket.cpp(1172): m_pSslLayer changed state from 4 to 5 caller=0x01672f1c
Status: SSL connection established
Trace: TransferSocket.cpp(1158): Close() caller=0x01672f1c
Trace: FtpControlSocket.cpp(1878): TransferEnd(4) OpMode=4 OpState=10 caller=0x003bc614
Trace: FtpControlSocket.cpp(1132): List(TRUE,0,"","",0) OpMode=4 OpState=10 caller=0x003bc614
Trace: TransferSocket.cpp(97): ~CTransferSocket() caller=0x01672f1c
Trace: TransferSocket.cpp(1158): Close() caller=0x01672f1c
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=10 caller=0x003bc614
Response: 226 Transfer complete - no batches.
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=10 caller=0x003bc614
Status: Directory listing successful
Trace: FtpControlSocket.cpp(3882): ResetOperation(1) OpMode=4 OpState=10 caller=0x003bc614

[From FileZilla 2.2.16, using FTP over TLS (explicit encryption)]

Status: Connecting to ftp.site.com:10021 ...
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 0 to 1 caller=0x003bc614
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 1 to 2 caller=0x003bc614
Trace: FtpControlSocket.cpp(5047): m_pSslLayer changed state from 2 to 4 caller=0x003bc614
Trace: FtpControlSocket.cpp(921): OnConnect(0) OpMode=1 OpState=-8 caller=0x003bc614
Status: Connected with ftp.site.com:10021, negotiating SSL connection...
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-8 caller=0x003bc614
Response: 220 <<<Connect:Enterprise UNIX 2.3.00 Secure FTP>>> at bruin FTP server ready. Time = 13:44:55
Command: AUTH TLS
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-9 caller=0x003bc614
Response: 234 AUTH TLS-C/TLS OK.
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-10 caller=0x003bc614
Trace: SSL_connect: SSLv3 read server hello A
Trace: SSL_connect: SSLv3 read server certificate A
Trace: SSL_connect: SSLv3 read server done A
Trace: SSL_connect: SSLv3 write client key exchange A
Trace: SSL_connect: SSLv3 write change cipher spec A
Trace: SSL_connect: SSLv3 write finished A
Trace: SSL_connect: SSLv3 flush data
Trace: SSL_connect: SSLv3 read finished A
Trace: Using SSLv3, cipher TLSv1/SSLv3: AES128-SHA, 1024 bit RSA
Status: SSL connection established. Waiting for welcome message...
Command: USER userid
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=0 caller=0x003bc614
Response: 331 Password required for userid.
Command: PASS
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=3 caller=0x003bc614
Response: 230 Connect:Enterprise UNIX login ok, access restrictions apply.
Command: FEAT
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-13 caller=0x003bc614
Response: 500 'FEAT': command not understood.
Command: SYST
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-14 caller=0x003bc614
Response: 215 UNIX Type: L8
Command: PBSZ 0
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-11 caller=0x003bc614
Response: 200 PBSZ 0 OK.
Command: PROT P
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=1 OpState=-12 caller=0x003bc614
Response: 200 PROT P OK, data channel will be secured.
Status: Connected
Trace: FtpControlSocket.cpp(3882): ResetOperation(1) OpMode=1 OpState=-12 caller=0x003bc614
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",1) OpMode=0 OpState=-1 caller=0x003bc614
Status: Retrieving directory listing...
Command: PWD
Trace: FtpControlSocket.cpp(744): OnReceive(0) OpMode=4 OpState=0 caller=0x003bc614
Response: 257 "/userid" is current directory.
Trace: FtpControlSocket.cpp(1132): List(FALSE,0,"","",0) OpMode=4 OpState=0 caller=0x003bc614
Status: Directory listing successful
Trace: FtpControlSocket.cpp(3882): ResetOperation(1) OpMode=4 OpState=0 caller=0x003bc614

comment:3 by Tim Kosse, 17 years ago

1) Is there anything in the server logs?

2) Would it be possible to get a temporary guest account to analyze this problem further? It's far easier to fix things I can observe myself in the debugger.

comment:4 by sf-robot, 17 years ago

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

comment:5 by odalman, 16 years ago

Cc: esigra@… added
Note: See TracTickets for help on using tickets.