Enabling TLS 1.2 causes a GnuTLS error -9

[ChrisTX]

I'm hosting a FTP server with explicit TLS and recently enabled TLS 1.1/1.2 on it. Now a few users reported to me (and I could reproduce this) that they couldn't connect to the server due to a GnuTLS error being displayed.
Other clients using GnuTLS (but those are using newer version from what they've told me) or Windows CryptoAPI/CNG (ie SmartFTP) can still connect flawlessy.

Server:
IIS 7.5, SSL 3.0, TLS 1.0,1.1,1.2 enabled, explicit mode. (with 1.1/1.2 disabled, it works)

Logs:

Status: Resolving address of rev-crew.info
Status: Connecting to x.x.x.x:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 Microsoft FTP Service
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-9, 10053)
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Trace: CTlsSocket::OnSocketEvent(): close event received
Trace: CRealControlSocket::OnClose(10053)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Status: Waiting to retry...
Trace: CControlSocket::DoClose(64)
Trace: CControlSocket::DoClose(64)

[Alexander Schuch]

Maybe a duplicate of #7206?

Which version of GnuTLS are you using - see "about" dialogue?
Do you still have the problem with a current version of FileZilla?

[Alexander Schuch]

No reply for more than 28 days.