#8322 closed Bug report (duplicate)
Client cannot connect using Require explicit FTP over TLS
Reported by: | Vlado | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | gnutls-12 | Cc: | |
Component version: | Operating system type: | Windows | |
Operating system version: |
Description
CLIENT SIDE:
FileZilla Client
Version: 3.6.0.1
Build information:
Compiled for: i586-pc-mingw32msvc
Compiled on: x86_64-unknown-linux-gnu
Build date: 2012-11-18
Compiled with: i586-mingw32msvc-gcc (GCC) 4.2.1-sjlj (mingw32-2)
Compiler flags: -g -O2 -Wall -g -fexceptions
Linked against:
wxWidgets: 2.8.12
GnuTLS: 3.1.4
SQLite: 3.7.6.2
Operating system:
Name: Windows XP (build 2600, Service Pack 3)
Version: 5.1
Platform: 32 bit system
SERVER SIDE:
vsftpd-2.2.2-11.el6.i686 on CentOS 6.3 x86 configured with:
tcp_wrappers=YES
pasv_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
CLIENT DEBUG LOG:
13:18:36 Trace: CControlSocket::DoClose(64)
13:18:36 Trace: CControlSocket::DoClose(64)
13:18:36 Status: Resolving address of xxx.sk
13:18:36 Status: Connecting to 213.xxx:21...
13:18:36 Status: Connection established, waiting for welcome message...
13:18:36 Trace: CFtpControlSocket::OnReceive()
13:18:36 Response: 220 Welcome to FTP PB service.
13:18:36 Trace: CFtpControlSocket::SendNextCommand()
13:18:36 Command: AUTH TLS
13:18:36 Trace: CFtpControlSocket::OnReceive()
13:18:36 Response: 234 Proceed with negotiation.
13:18:36 Status: Initializing TLS...
13:18:36 Trace: CTlsSocket::Handshake()
13:18:36 Trace: CTlsSocket::ContinueHandshake()
13:18:36 Trace: CTlsSocket::OnSend()
13:18:36 Trace: CTlsSocket::OnRead()
13:18:36 Trace: CTlsSocket::ContinueHandshake()
13:18:37 Trace: CTlsSocket::OnRead()
13:18:37 Trace: CTlsSocket::ContinueHandshake()
13:18:37 Trace: CTlsSocket::Failure(-12, 10053)
13:18:37 Trace: GnuTLS alert 40: Handshake failed
13:18:37 Error: GnuTLS error -12: A TLS fatal alert has been received.
13:18:37 Trace: CRealControlSocket::OnClose(10053)
13:18:37 Trace: CControlSocket::DoClose(64)
13:18:37 Trace: CFtpControlSocket::ResetOperation(66)
13:18:37 Trace: CControlSocket::ResetOperation(66)
13:18:37 Error: Could not connect to server
13:18:37 Trace: CFileZillaEnginePrivate::ResetOperation(66)
13:18:37 Status: Waiting to retry...
SERVER VSFTPD.LOG:
Mon Nov 19 14:05:00 2012 [pid 15066] CONNECT: Client "10.10.102.6"
Mon Nov 19 14:05:00 2012 [pid 15066] FTP response: Client "10.10.102.6", "220 Welcome to FTP PB service."
Mon Nov 19 14:05:00 2012 [pid 15066] FTP command: Client "10.10.102.6", "AUTH TLS"
Mon Nov 19 14:05:00 2012 [pid 15066] FTP response: Client "10.10.102.6", "234 Proceed with negotiation."
Mon Nov 19 14:05:01 2012 [pid 15066] DEBUG: Client "10.10.102.6", "SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"
HISTORY:
3.6.0.1 - does not connect
3.6.0 - worked fine!
3.5.3 - does not connect
3.5.2 (and older) - worked fine!
ADDITIONAL INFO:
There was no change in server configuration between trying FileZilla Client 3.6.0 and 3.6.0.1 - I tried 3.6.0 this morning and 3.6.0.1 this afternoon.
I have not old VSFTPD.LOG with Client 2.5.3, so I'm not sure if there was same error message "no shared cipher".
Attachments (2)
Change History (7)
by , 12 years ago
Attachment: | Client-3.6.0-successfully-connects.txt added |
---|
by , 12 years ago
Attachment: | Server-3.6.0-successfully-connects.txt added |
---|
comment:1 by , 12 years ago
comment:2 by , 12 years ago
Problem still remains in 3.6.0.2:
11:27:41 Status: Resolving address of pbmail.coopexsoft.sk
11:27:41 Status: Connecting to 213.....:21...
11:27:41 Status: Connection established, waiting for welcome message...
11:27:41 Response: 220 Welcome to FTP PB service.
11:27:41 Command: AUTH TLS
11:27:41 Response: 234 Proceed with negotiation.
11:27:41 Status: Initializing TLS...
11:27:41 Error: GnuTLS error -12: A TLS fatal alert has been received.
11:27:41 Error: Could not connect to server
I have to downgrade to 3.6.0 again.
comment:3 by , 12 years ago
Weak ciphers are disabled in newer versions FileZilla Client. Can you enable strong ciphers in your FTP server so that client and server can negotiate any of the strong ciphers?
comment:4 by , 12 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
This is a duplicate of #7873.
comment:7 by , 11 years ago
Keywords: | gnutls-12 added |
---|
I downgraded to 3.6.0 and added both client-side and server-side logs of successfull connection.