Opened 11 years ago

Last modified 5 years ago

#3640 closed Bug report

Error Connecting with explicit TLS/SSL

Reported by: gizemail
Owned by:
Priority: normal
Component: Other
Keywords:
Cc: gizemail, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

Hi,
I regularly use FileZilla to connect to a secure server. When I upgraded to 3.1.0.1 I got an error as shown below. I reverted back to 3.0.10 and it works. I'm running on Windows XP Pro. Sensitive info changed to xxxxx.

Thanks for a great product.

Frank

Status: Resolving address of xxxxxxx.xxxxxx.xxxxxxx.com
Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220-xxxxxxx systems must only be used for conducting xxxxxxx's
Trace: CFtpControlSocket::OnReceive()
Response: 220-business or for purposes authorized by xxxxxxx management.
Response: 220-
Response: 220-Use is subject to audit at any time by xxxxxxx management.
Response: 220-
Response: 220-Please read /README.privacy for information concerning the
Response: 220-privacy of your data.
Response: 220-
Response: 220 xxxxxxx secure FTP server ready.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 SSLv23/TLSv1
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: Handshake successful
Trace: Cipher: AES-128-CBC, MAC: SHA1
Status: Verifying certificate...
Trace: CFtpControlSocket::SendNextCommand()
Command: USER xxxxxxx
Status: TLS/SSL connection established.
Trace: CFtpControlSocket::OnReceive()
Response: 331 Password required for xxxxxxx.
Trace: CFtpControlSocket::SendNextCommand()
Command: PASS
Trace: CFtpControlSocket::OnReceive()
Response: 230 Virtual user xxxxxxx logged in.
Trace: CFtpControlSocket::SendNextCommand()
Command: SYST
Trace: CFtpControlSocket::OnReceive()
Response: 215 UNIX Type: L8
Trace: CFtpControlSocket::SendNextCommand()
Command: FEAT
Trace: CFtpControlSocket::OnReceive()
Response: 211-Extensions supported
Response: AUTH
Response: USER
Response: PASS
Response: QUIT
Response: PORT
Response: PASV
Response: EPSV
Response: TYPE
Response: STRU
Response: MODE
Response: RETR
Response: STOR
Response: ABOR
Response: DELE
Response: CWD
Response: XCWD
Response: LIST
Response: NLST
Response: SITE
Response: SYST
Response: STAT
Response: HELP
Response: NOOP
Response: MKD
Response: XMKD
Response: RMD
Response: XRMD
Response: PWD
Response: XPWD
Response: CDUP
Response: XCUP
Response: SIZE
Response: MDTM
Response: RNFR
Response: RNTO
Response: REST
Response: FEAT
Response: ADAT
Response: PROT
Response: PBSZ
Response: APPE
Response: XCRC
Response: CCC
Response: UTF8
Trace: CFtpControlSocket::OnReceive()
Response: 211 END
Trace: CFtpControlSocket::SendNextCommand()
Command: OPTS UTF8 ON
Trace: CFtpControlSocket::OnReceive()
Response: 250 SITE command successful.
Trace: CFtpControlSocket::SendNextCommand()
Command: PBSZ 0
Trace: CFtpControlSocket::OnReceive()
Response: 200 PBSZ=0
Trace: CFtpControlSocket::SendNextCommand()
Command: PROT P
Trace: CFtpControlSocket::OnReceive()
Response: 200 PROT command successful
Status: Connected
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ChangeDirSend()
Command: PWD
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is current directory.
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: TYPE I
Trace: CFtpControlSocket::OnReceive()
Response: 200 Type set to I.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: PASV
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (207,25,253,31,255,247)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: LIST
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: Skipping socket event 4, id mismatch.
Trace: CTlsSocket::Handshake()
Trace: CFtpControlSocket::OnReceive()
Response: 150 Opening BINARY mode SSL data connection for file list.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::Handshake()
Trace: Handshake successful
Trace: Cipher: AES-128-CBC, MAC: SHA1
Trace: CTransferSocket::OnConnect
Trace: CFtpControlSocket::OnReceive()
Response: 226 Transfer complete.
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: CTlsSocket::OnSocketEvent(): close event received
Trace: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Trace: CTransferSocket::TransferEnd(3)
Trace: Skipping socket event 5, no socket or id mismatch.
Trace: CFtpControlSocket::TransferEnd()
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Trace: CFtpControlSocket::ParseSubcommandResult(2)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Error: Failed to retrieve directory listing

Change History (1)

comment:1 Changed 11 years ago by Tim Kosse

You are using a broken server that does not perform an orderly SSL/TLS shutdown as required by the SSL/TLS specifications. Not performing a shutdown cannot be distinguished from an attacker sending spoofed FIN packets.

You have to upgrade to a proper server. Try FileZilla Server 0.9.27 (Windows) or vsftpd 2.0.7 (other systems)
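
Added example (not part of the ticket and not FileZilla's code): a record-level check on the bytes a server sent on the data connection before its TCP FIN, showing why a missing shutdown alert looks the same as a stream cut short by a forged FIN, as comment:1 states. It assumes TLS 1.2 or earlier, where the record type is readable in the header (the log shows a TLSv1-era session); the function names and sample bytes are constructed for illustration.

```python
import struct

# Content types are readable in the 5-byte record header for TLS <= 1.2.
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}
MAX_FRAGMENT = 2**14 + 2048  # largest ciphertext fragment a record may carry


def record(content_type, payload, version=0x0301):
    """Build one TLS record; the payload stands in for opaque ciphertext."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload


def classify_stream_end(stream):
    """Classify how the bytes a peer sent before its TCP FIN ended."""
    offset, last_type = 0, None
    while offset < len(stream):
        if len(stream) - offset < 5:
            return "truncated-mid-record"
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in KNOWN_TYPES or version >> 8 != 3 or length > MAX_FRAGMENT:
            return "not-tls"
        if len(stream) - offset - 5 < length:
            return "truncated-mid-record"
        offset += 5 + length
        last_type = ctype
    # An alert record as the final record is the only sign of an orderly close;
    # its body is encrypted, so this cannot confirm it is close_notify.
    return "alert-before-fin" if last_type == ALERT else "no-alert-before-fin"


# Constructed sample data: two 64-byte listing records and a 32-byte alert.
PART1 = record(APPLICATION_DATA, b"\x11" * 64)
PART2 = record(APPLICATION_DATA, b"\x22" * 64)
CLOSE = record(ALERT, b"\x33" * 32)

ORDERLY = PART1 + PART2 + CLOSE            # compliant server
NO_SHUTDOWN = PART1                        # short listing, server just closes TCP
FORGED_FIN = ORDERLY[:len(PART1)]          # full listing cut at a record boundary
CUT_IN_RECORD = PART1 + PART2[:20]         # cut inside a record

if __name__ == "__main__":
    for name in ("ORDERLY", "NO_SHUTDOWN", "FORGED_FIN", "CUT_IN_RECORD"):
        print(f"{name:14} {classify_stream_end(globals()[name])}")
    print("indistinguishable:", NO_SHUTDOWN == FORGED_FIN)
```

Only a cut inside a record is detectable from the framing alone; a cut at a record boundary yields the same bytes as a server that skips the shutdown, which is why the client has to treat both as an error.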
