Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#8322 closed Bug report (duplicate)

Client cannot connect using Require explicit FTP over TLS

Reported by: Vlado Owned by:
Priority: normal Component: FileZilla Client
Keywords: gnutls-12 Cc:
Component version: Operating system type: Windows
Operating system version:

Description

CLIENT SIDE:

FileZilla Client


Version: 3.6.0.1

Build information:

Compiled for: i586-pc-mingw32msvc
Compiled on: x86_64-unknown-linux-gnu
Build date: 2012-11-18
Compiled with: i586-mingw32msvc-gcc (GCC) 4.2.1-sjlj (mingw32-2)
Compiler flags: -g -O2 -Wall -g -fexceptions

Linked against:

wxWidgets: 2.8.12
GnuTLS: 3.1.4
SQLite: 3.7.6.2

Operating system:

Name: Windows XP (build 2600, Service Pack 3)
Version: 5.1
Platform: 32 bit system

SERVER SIDE:

vsftpd-2.2.2-11.el6.i686 on CentOS 6.3 x86 configured with:

tcp_wrappers=YES
pasv_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES

CLIENT DEBUG LOG:
13:18:36 Trace: CControlSocket::DoClose(64)
13:18:36 Trace: CControlSocket::DoClose(64)
13:18:36 Status: Resolving address of xxx.sk
13:18:36 Status: Connecting to 213.xxx:21...
13:18:36 Status: Connection established, waiting for welcome message...
13:18:36 Trace: CFtpControlSocket::OnReceive()
13:18:36 Response: 220 Welcome to FTP PB service.
13:18:36 Trace: CFtpControlSocket::SendNextCommand()
13:18:36 Command: AUTH TLS
13:18:36 Trace: CFtpControlSocket::OnReceive()
13:18:36 Response: 234 Proceed with negotiation.
13:18:36 Status: Initializing TLS...
13:18:36 Trace: CTlsSocket::Handshake()
13:18:36 Trace: CTlsSocket::ContinueHandshake()
13:18:36 Trace: CTlsSocket::OnSend()
13:18:36 Trace: CTlsSocket::OnRead()
13:18:36 Trace: CTlsSocket::ContinueHandshake()
13:18:37 Trace: CTlsSocket::OnRead()
13:18:37 Trace: CTlsSocket::ContinueHandshake()
13:18:37 Trace: CTlsSocket::Failure(-12, 10053)
13:18:37 Trace: GnuTLS alert 40: Handshake failed
13:18:37 Error: GnuTLS error -12: A TLS fatal alert has been received.
13:18:37 Trace: CRealControlSocket::OnClose(10053)
13:18:37 Trace: CControlSocket::DoClose(64)
13:18:37 Trace: CFtpControlSocket::ResetOperation(66)
13:18:37 Trace: CControlSocket::ResetOperation(66)
13:18:37 Error: Could not connect to server
13:18:37 Trace: CFileZillaEnginePrivate::ResetOperation(66)
13:18:37 Status: Waiting to retry...

SERVER VSFTPD.LOG:
Mon Nov 19 14:05:00 2012 [pid 15066] CONNECT: Client "10.10.102.6"
Mon Nov 19 14:05:00 2012 [pid 15066] FTP response: Client "10.10.102.6", "220 Welcome to FTP PB service."
Mon Nov 19 14:05:00 2012 [pid 15066] FTP command: Client "10.10.102.6", "AUTH TLS"
Mon Nov 19 14:05:00 2012 [pid 15066] FTP response: Client "10.10.102.6", "234 Proceed with negotiation."
Mon Nov 19 14:05:01 2012 [pid 15066] DEBUG: Client "10.10.102.6", "SSL_accept failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher"

HISTORY:
3.6.0.1 - does not connect
3.6.0 - worked fine!
3.5.3 - does not connect
3.5.2 (and older) - worked fine!

ADDITIONAL INFO:
There was no change in server configuration between trying FileZilla Client 3.6.0 and 3.6.0.1 - I tried 3.6.0 this morning and 3.6.0.1 this afternoon.
I have not old VSFTPD.LOG with Client 2.5.3, so I'm not sure if there was same error message "no shared cipher".

Attachments (2)

Client-3.6.0-successfully-connects.txt (9.7 KB) - added by Vlado 7 years ago.
Server-3.6.0-successfully-connects.txt (5.7 KB) - added by Vlado 7 years ago.

Download all attachments as: .zip

Change History (7)

Changed 7 years ago by Vlado

Changed 7 years ago by Vlado

comment:1 Changed 7 years ago by Vlado

I downgraded to 3.6.0 and added both client-side and server-side logs of successfull connection.

comment:2 Changed 7 years ago by Vlado

Problem still remains in 3.6.0.2:

11:27:41 Status: Resolving address of pbmail.coopexsoft.sk
11:27:41 Status: Connecting to 213.....:21...
11:27:41 Status: Connection established, waiting for welcome message...
11:27:41 Response: 220 Welcome to FTP PB service.
11:27:41 Command: AUTH TLS
11:27:41 Response: 234 Proceed with negotiation.
11:27:41 Status: Initializing TLS...
11:27:41 Error: GnuTLS error -12: A TLS fatal alert has been received.
11:27:41 Error: Could not connect to server

I have to downgrade to 3.6.0 again.

comment:3 Changed 6 years ago by Alexander Schuch

Weak ciphers are disabled in newer versions FileZilla Client. Can you enable strong ciphers in your FTP server so that client and server can negotiate any of the strong ciphers?

comment:4 Changed 6 years ago by Alexander Schuch

Resolution: duplicate
Status: newclosed

This is a duplicate of #7873.

comment:7 Changed 6 years ago by Alexander Schuch

Keywords: gnutls-12 added
Note: See TracTickets for help on using tickets.