Opened 15 years ago

Last modified 6 years ago

#878 closed Bug report

explicit SSL over normal connection bug

Reported by: bladud Owned by:
Priority: normal Component: Other
Keywords: Cc: bladud, Tim Kosse, esigra@…
Component version: Operating system type:
Operating system version:

Description

If explicit SSL is forced for normal connections (and
possibly if it is simply allowed), a remote connection
from a UNIX client running ftp-ssl disconnects. This is
what the client sees:

227 Entering Passive Mode ({IP address})
150 Connection accepted
ftp: SSL_connect DATA error -1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
226 Transfer OK
ssl_getc: SSL_read failed -1 = 104
421 Service not available, remote server has closed connection

The server believes everything is fine, authenticates
and sends LIST, but then disconnects.

This does not occur using FileZilla client under Windows.

Change History (3)

comment:1 Changed 15 years ago by Tim Kosse

A complete log would be nice.

Please make sure the client sends the PROT P command if it
wants to use an encrypted data channel. Unless otherwise
requested, the default mode is PROT C, unencrypted data channel.

comment:2 Changed 15 years ago by bladud

You are quite right; the client does not seem to be sending
the PROT P command. I shall therefore bug them for a fix.

Complete log follows:

(IP is a single specific IP address)

(000007) 11/05/2005 20:04:56 - (not logged in) (IP)> Connected, sending welcome message...
(000007) 11/05/2005 20:04:56 - (not logged in) (IP)> 220-FileZilla Server version 0.9.7 beta
(000007) 11/05/2005 20:04:56 - (not logged in) (IP)> 220-written by Tim Kosse (Tim.Kosse@…)
(000007) 11/05/2005 20:04:56 - (not logged in) (IP)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000007) 11/05/2005 20:05:03 - (not logged in) (IP)> AUTH SSL
(000007) 11/05/2005 20:05:03 - (not logged in) (IP)> 334 Using authentication type SSL
(000007) 11/05/2005 20:05:04 - (not logged in) (IP)> SSL connection established
(000007) 11/05/2005 20:05:04 - (not logged in) (IP)> USER
(000007) 11/05/2005 20:05:04 - (not logged in) (IP)> 331 Password required for
(000007) 11/05/2005 20:05:07 - (not logged in) (IP)> PASS
(000007) 11/05/2005 20:05:07 - (IP)> 230 Logged on
(000007) 11/05/2005 20:05:07 - (IP)> SYST
(000007) 11/05/2005 20:05:07 - (IP)> 215 UNIX emulated by FileZilla
(000007) 11/05/2005 20:05:17 - (IP)> PORT {IP}
(000007) 11/05/2005 20:05:17 - (IP)> 200 Port command successful
(000007) 11/05/2005 20:05:17 - (IP)> LIST
(000007) 11/05/2005 20:05:17 - (IP)> 150 Opening data channel for directory list.
(000007) 11/05/2005 20:05:20 - (IP)> 226 Transfer OK
(000007) 11/05/2005 20:05:20 - (IP)> disconnected.
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> Connected, sending welcome message...
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> 220-FileZilla Server version 0.9.7 beta
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> 220-written by Tim Kosse (Tim.Kosse@…)
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> 20
(000008) 11/05/2005 20:06:55 - (not logged in) (IP)> 500 Syntax error, command unrecognized.
(000008) 11/05/2005 20:07:12 - (not logged in) (IP)> disconnected.
(000009) 11/05/2005 20:07:14 - (not logged in) (IP)> Connected, sending welcome message...
(000009) 11/05/2005 20:07:14 - (not logged in) (IP)> 220-FileZilla Server version 0.9.7 beta
(000009) 11/05/2005 20:07:14 - (not logged in) (IP)> 220-written by Tim Kosse (Tim.Kosse@…)
(000009) 11/05/2005 20:07:14 - (not logged in) (IP)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> AUTH SSL
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> 334 Using authentication type SSL
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> SSL connection established
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> USER
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> 331 Password required for
(000009) 11/05/2005 20:07:25 - (not logged in) (IP)> PASS
(000009) 11/05/2005 20:07:25 - (IP)> 230 Logged on
(000009) 11/05/2005 20:07:25 - (IP)> SYST
(000009) 11/05/2005 20:07:25 - (IP)> 215 UNIX emulated by FileZilla
(000009) 11/05/2005 20:07:30 - (IP)> PASV
(000009) 11/05/2005 20:07:30 - (IP)> 227 Entering Passive Mode {IP}
(000009) 11/05/2005 20:07:30 - (IP)> LIST
(000009) 11/05/2005 20:07:30 - (IP)> 150 Connection accepted
(000009) 11/05/2005 20:07:30 - (IP)> 226 Transfer OK
(000009) 11/05/2005 20:07:30 - (IP)> disconnected.
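
The condition described in comment 1 (TLS on the control channel, data channel left at the default PROT C) can be checked against a server log like the one above. This is an added example, not part of the ticket or of FileZilla's code; the sample log is constructed in the ticket's line format, and session 000010 with its reply texts is an assumption.

```python
import re

# Log line shape taken from the ticket: "(session) date time - [user] (peer)> message"
LINE = re.compile(r"^\((\d+)\)\s+\S+\s+\S+\s+-\s+.*?\([^)]*\)>\s*(.*)$")
REPLY = re.compile(r"\d{3}(?!\d)")
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

def cleartext_transfers(log_text):
    """Return [(session, command)] for transfers requested over a TLS control
    channel while the data channel was still at the default PROT C."""
    sessions, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"tls": False, "prot": "C", "pending": None})
        words = msg.split()
        if not words:
            continue
        if REPLY.match(words[0]):
            # Server reply: commit a pending AUTH/PROT only if it was accepted (2xx/3xx).
            if s["pending"] and words[0][0] in "23":
                key, value = s["pending"]
                s[key] = value
            s["pending"] = None
            continue
        verb, arg = words[0].upper(), (words[1].upper() if len(words) > 1 else "")
        if verb == "AUTH" and arg in ("SSL", "TLS"):
            s["pending"] = ("tls", True)
        elif verb == "PROT":
            s["pending"] = ("prot", arg)
        elif verb in DATA_CMDS and s["tls"] and s["prot"] != "P":
            findings.append((sid, verb))
    return findings

# Constructed sample: session 000009 follows the ticket's log, 000010 adds PROT P.
SAMPLE_LOG = """\
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> AUTH SSL
(000009) 11/05/2005 20:07:22 - (not logged in) (IP)> 334 Using authentication type SSL
(000009) 11/05/2005 20:07:30 - (IP)> PASV
(000009) 11/05/2005 20:07:30 - (IP)> 227 Entering Passive Mode {IP}
(000009) 11/05/2005 20:07:30 - (IP)> LIST
(000010) 11/05/2005 20:09:01 - (not logged in) (IP)> AUTH TLS
(000010) 11/05/2005 20:09:01 - (not logged in) (IP)> 234 Using authentication type TLS
(000010) 11/05/2005 20:09:05 - (IP)> PROT P
(000010) 11/05/2005 20:09:05 - (IP)> 200 Protection level set to P
(000010) 11/05/2005 20:09:06 - (IP)> LIST
"""
```

Calling `cleartext_transfers(SAMPLE_LOG)` reports only session 000009; a session that never sends AUTH is not reported, since this check targets the mixed state seen in the ticket.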

comment:3 Changed 11 years ago by odalman

Cc: esigra@… added