can't use FileZilla with pure-ftpd in TLS/SSL mode

[peter_daum]

There has been a bug report (#1015355) with the same
subject
which unfortunatley has been deleted without any comments.

My experiences have been the same: the connection is
established,
but somehow filezilla can't get a directory listing.

Is there any way to connect with filezilla to a
pure-ftp server
over a tls secured connection?

Regards,

Peter Daum

[phi-whiterabbit]

Same problem to me.

I used FileZilla Server and connected with FileZilla via
implicit SSL/TLS (Port 990). Everytime i got:

Status: Verbinden mit 83.129.73.139:990...
Status: Verbunden mit 83.129.73.139:990, SSL-Verbindung wird
ausgehandelt...
Status: SSL-Verbindung hergestellt. Warten auf
Willkommens-Meldung...
Fehler: Timeout entdeckt!
Fehler: Verbindung kann nicht hergestellt werden!

on the serverside i got:

(000054) 22.03.2005 00:43:00 - (not logged in)
(83.129.73.139)> Connected, sending welcome message...
(000054) 22.03.2005 00:43:00 - (not logged in)
(83.129.73.139)> 220 FileZilla Server version 0.9.6 beta
(000054) 22.03.2005 00:43:00 - (not logged in)
(83.129.73.139)> SSL connection established
(000054) 22.03.2005 00:43:31 - (not logged in)
(83.129.73.139)> disconnected.

Then i tried to connect with another FTP-Client to my
FileZilla Server and it works...

* CuteFTP 7.0 - build Mar 10 2005 *

STATUS:> Getting listing ""...
STATUS:> Connecting to FTP server 83.129.73.139:990 (ip =
83.129.73.139)...
STATUS:> Socket connected. Waiting for welcome message...
STATUS:> Initializing SSL module.
STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 281 ms.
STATUS:> SSL encrypted session established.

220 FileZilla Server version 0.9.6 beta

STATUS:> Connected. Authenticating...
COMMAND:> USER hiro

331 Password required for hiro

COMMAND:> PASS *

230 Logged on

STATUS:> Login successful.
COMMAND:> PWD

257 "/" is current directory.

STATUS:> Home directory: /
COMMAND:> FEAT

211-Features:

MDTM
REST STREAM
SIZE
MODE Z
MLST type*;size*;modify*;

211 End

STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> MODE Z

200 MODE set to Z.

COMMAND:> REST 0

350 Rest supported. Restarting at 0

COMMAND:> PBSZ 0

502 Command not implemented for this authentication type

COMMAND:> PROT P

200 Protection level set to P

COMMAND:> PASV

227 Entering Passive Mode (192,168,0,10,17,33)

COMMAND:> LIST
STATUS:> Substituting received PASV address 192.168.0.10
to server address 83.129.73.139.
STATUS:> Connecting FTP data socket 83.129.73.139:4385...
ERROR:> The connection failed due to an error or timeout.

1) Verify that the destination IP address is correct.
2) Increase the connection timeout threshold under Global

Settings | Connection.

3) Switch to the opposite data connection type (PASV or

PORT) under Site Settings | Type tab.

4) Verify that the problem is not local by trying to

connect to an alternate server.

5) If a server name was used, verify it resolves to the

correct address.

6) If using a local server table for server name

resolution, check to see that it doesn't resolve to an
obsolete address.

7) Try pinging the address.
8) If you are using a router, verify the router is up and

running (check by pinging it and then ping an address
outside of the router).

9) Do a traceroute to the destination to verify all

routers along the connection path are operational.

10) Verify that your subnet mask is setup properly.
11) Verify that your local software or hardware firewall

is not blocking outbound connections originating from CuteFTP.

12) Verify that your anti-virus software is not at fault

(try disabling it).
ERROR:> PASV failed, trying PORT.
STATUS:> Waiting 0 seconds...
STATUS:> Getting listing "/"...
STATUS:> Connecting to FTP server 83.129.73.139:990 (ip =
83.129.73.139)...
STATUS:> Socket connected. Waiting for welcome message...
STATUS:> Initializing SSL module.
STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 328 ms.
STATUS:> SSL encrypted session established.

220 FileZilla Server version 0.9.6 beta

STATUS:> Connected. Authenticating...
COMMAND:> USER hiro

331 Password required for hiro

COMMAND:> PASS *

230 Logged on

STATUS:> Login successful.
COMMAND:> PWD

257 "/" is current directory.

STATUS:> Home directory: /
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> MODE Z

200 MODE set to Z.

COMMAND:> REST 0

350 Rest supported. Restarting at 0

COMMAND:> PBSZ 0

502 Command not implemented for this authentication type

COMMAND:> PROT P

200 Protection level set to P

COMMAND:> PORT 192,168,0,10,17,36

200 Port command successful

COMMAND:> LIST

150 Opening data channel for directory list.

STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 15 ms.
STATUS:> SSL encrypted session established.

226 Transfer OK, compression saved 379 of 560 bytes (67.68%)

STATUS:> Directory listing completed.
COMMAND:> TYPE A

200 Type set to A

COMMAND:> REST 0

350 Rest supported. Restarting at 0

COMMAND:> PORT 192,168,0,10,17,37

200 Port command successful

COMMAND:> LIST

150 Opening data channel for directory list.

STATUS:> Connected. Exchanging encryption keys...
STATUS:> SSL Connect time: 32 ms.
STATUS:> SSL encrypted session established.

226 Transfer OK, compression saved 379 of 560 bytes (67.68%)

COMMAND:> REST 0

350 Rest supported. Restarting at 0

ERROR:> Control connection closed.

[phi-whiterabbit]

addition:

can it be that the client waits for the server to send it's
welcome-msg after the SSL-handshake? I think it must do this
immediately after successfully connected and before
establishing the SSL-Link.

Not sure...

[peter_daum]

The original bug report was referring to FileZilla vs. PureFTPD:
PureFTPD can not encrypt the data connections, while FileZilla
could only encrypted all or nothing. ( See also:[ 1144783 ]
Error sending PROT P command in Explicit TLS/SSL connections)
This has been fixed in FileZilla 2.2.12
(You should file a new report for your issue)