Control channel closed with error from source 0 filezilla

Moderator: Project members


CrimpOn

226 Transfer OK
Posts: 80
Joined: 2021-10-01 18:25
First name: Dick
Last name: Bednar

TLS Error on FileZilla 1.2 (solved)

#1


by CrimpOn » 2022-01-18 19:32

Please excuse my ignorance. :oops:

One of my security cameras had a firmware update and now defaults to FTP over TLS rather than plain (unencrypted) FTP.
«No problem». Port 21 clearly states it supports both TLS and plain FTP.
However, the FileZilla log shows this:

Code:

2022-01-18T19:18:33.781Z >> [FTP Session 171 192.168.1.52] AUTH TLS
2022-01-18T19:18:33.784Z << [FTP Session 171 192.168.1.52] 234 Using authentication type TLS.
2022-01-18T19:18:33.799Z !! [FTP Session 171 192.168.1.52] GnuTLS error -87: No supported cipher suites have been found.
2022-01-18T19:18:33.800Z !! [FTP Session 171 192.168.1.52] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-01-18T19:18:33.800Z !! [FTP Server] Session 171 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.

FileZilla is set to use the Self-Signed certificate that was generated automatically when version 1.2 was installed.

Can someone please point me toward the steps to correct my installation?

Thanks



botg

Site Admin
Posts: 34742
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Re: TLS Error on FileZilla 1.2

#2

by botg » 2022-01-18 20:11

It appears your client doesn’t support modern ciphers. Please update your client so that it supports the default ciphers mandated by TLS 1.2 and TLS 1.3.


Re: TLS Error on FileZilla 1.2

#3

by CrimpOn » 2022-01-19 00:49

Thank you for the speedy response. I had already registered a complaint with the security camera tech support over changing the default to TLS.
Now I can ding them about their «Optimized FTP function» being defective in regard to TLS.


Re: TLS Error on FileZilla 1.2

#4

by CrimpOn » 2022-01-20 19:02

The camera company suggested that I install Cerebus FTP to confirm the problem.
(anyone not happy with the FileZilla install process will not enjoy Cerebus. :lol: )

Now have FileZilla on port 21 and Cerebus on port 121. Cerebus claims to support TLS 1.2
Alas, the camera connects to Cerebus with TLS and transfers file. No errors.
(This was not what I wanted.)

Perhaps the issue is that the default FileZilla installation puts the self-signed certificate where the connection cannot find it?

I remain frustrated that the camera user interface provides a default of «plain» and instead uses TLS. :(

Sorry to be unable to figure this out myself.


Re: TLS Error on FileZilla 1.2

#5

by CrimpOn » 2022-01-20 19:43

Log from failed session:

Code:

2022-01-20T19:38:51.745Z II [FTP Session 4174 192.168.1.52] Session 0x276776db040 with ID 4174 created.
2022-01-20T19:38:51.803Z >> [FTP Session 4174 192.168.1.52] AUTH TLS
2022-01-20T19:38:51.803Z DD [FTP Session 4174 192.168.1.52] securer(1) ENTERING state = 0
2022-01-20T19:38:51.803Z DD [FTP Session 4174 192.168.1.52] calling tls_layer_->set_certificate_file("C:\WINDOWS\system32\config\systemprofile\AppData\Local\filezilla-server\certificates\f9ded7fd623594f07ebc396eb718e48ec0a2e9f741f542ea4b135db88a45e588\key.pem", "C:\WINDOWS\system32\config\systemprofile\AppData\Local\filezilla-server\certificates\f9ded7fd623594f07ebc396eb718e48ec0a2e9f741f542ea4b135db88a45e588\cert.pem", "****")
2022-01-20T19:38:51.804Z DD [FTP Session 4174 192.168.1.52] securer(1) EXITING state = 1
2022-01-20T19:38:51.804Z << [FTP Session 4174 192.168.1.52] 234 Using authentication type TLS.
2022-01-20T19:38:51.804Z DD [FTP Session 4174 192.168.1.52] ~securer(1) ENTERING state = 1
2022-01-20T19:38:51.804Z DD [FTP Session 4174 192.168.1.52] calling tls_layer_->set_alpn("ftp")
2022-01-20T19:38:51.804Z VV [FTP Session 4174 192.168.1.52] tls_layer_impl::server_handshake()
2022-01-20T19:38:51.804Z VV [FTP Session 4174 192.168.1.52] tls_layer_impl::continue_handshake()
2022-01-20T19:38:51.804Z DD [FTP Session 4174 192.168.1.52] ~securer(1) EXITING state = 2
2022-01-20T19:38:51.804Z DD [FTP Session 4174 192.168.1.52] tls_layer_impl::on_send()
2022-01-20T19:38:51.804Z VV [FTP Session 4174 192.168.1.52] tls_layer_impl::continue_handshake()
2022-01-20T19:38:51.825Z DD [FTP Session 4174 192.168.1.52] tls_layer_impl::on_read()
2022-01-20T19:38:51.825Z VV [FTP Session 4174 192.168.1.52] tls_layer_impl::continue_handshake()
2022-01-20T19:38:51.825Z DD [FTP Session 4174 192.168.1.52] TLS handshakep: Received CLIENT HELLO
2022-01-20T19:38:51.825Z DD [FTP Session 4174 192.168.1.52] tls_layer_impl::failure(-87)
2022-01-20T19:38:51.825Z !! [FTP Session 4174 192.168.1.52] GnuTLS error -87: No supported cipher suites have been found.
2022-01-20T19:38:51.825Z !! [FTP Session 4174 192.168.1.52] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-01-20T19:38:51.825Z !! [FTP Server] Session 4174 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-01-20T19:38:51.825Z II [FTP Session 4174 192.168.1.52] Session 0x276776db040 with ID 4174 destroyed.



boco

Contributor
Posts: 26451
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS Error on FileZilla 1.2

#6


by boco » 2022-01-20 19:44

I’m pretty sure you mean Cerberus FTP.

Sure, it claims to support FTP over TLS 1.2, but that is not the issue. The issue is that FileZilla Server REQUIRES AT LEAST FTP over TLS version 1.2 and the support of High-Encryption cipher suites. While Cerberus claims to support FTP over TLS 1.2 as well, it also probably still supports earlier versions. The camera simply negotiates the lower TLS version with the server, be it FTP over TLS 1.1, FTP over TLS 1.0 or, heaven forbid, even FTP over SSL 3.0. My bet is on TLS 1.0.

FileZilla Server will outright reject anything below TLS 1.2, and any lower-grade ciphers as well.

### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###


Re: TLS Error on FileZilla 1.2

#7

by CrimpOn » 2022-01-21 00:54

Thanks for the prompt. I checked Cerberus security settings and found this:
Image

Only TLS 1.2 is checked. Perhaps Cerberus is allowing outdated ciphers?
It is not clear (to me) how SSL and TLS are connected in terms of ciphers. This is what Cerberus shows:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!CAMELLIA

The Cerberus log shows: TLSv1.2 (DHE-RSA-AES256-GCM-SHA384), 256 bit encryption. Is this the part that is not accepted by FileZilla?

Code:

1/20/2022 4:50:19 PM	130		Incoming connection request on FTP listener 11 at 192.168.1.2:121 accepted from 192.168.1.52:49816
1/20/2022 4:50:19 PM	130		AUTH TLS
1/20/2022 4:50:19 PM	130		234 Authentication method accepted
1/20/2022 4:50:20 PM	130		SSL connection using TLSv1.2 (DHE-RSA-AES256-GCM-SHA384), 256 bit encryption
1/20/2022 4:50:20 PM	130		SSL connection established
1/20/2022 4:50:20 PM	130		USER FrontDoorCam
1/20/2022 4:50:20 PM	130		331 User FrontDoorCam, password please
1/20/2022 4:50:20 PM	130		PASS ***********
1/20/2022 4:50:20 PM	130		Native user 'FrontDoorCam' authenticated
1/20/2022 4:50:20 PM	130		230 Password Ok, User logged in - This is an UNLICENSED copy of Cerberus FTP Server Home edition
1/20/2022 4:50:20 PM	130		CWD 2022
1/20/2022 4:50:20 PM	130		250 Change directory ok
1/20/2022 4:50:20 PM	130		CWD 01
1/20/2022 4:50:20 PM	130		250 Change directory ok
1/20/2022 4:50:21 PM	130		CWD 20
1/20/2022 4:50:21 PM	130		250 Change directory ok
1/20/2022 4:50:21 PM	130		MODE S
1/20/2022 4:50:21 PM	130		200 Mode is Stream
1/20/2022 4:50:21 PM	130		TYPE A
1/20/2022 4:50:21 PM	130		200 Type ASCII
1/20/2022 4:50:21 PM	130		PBSZ 0
1/20/2022 4:50:21 PM	130		200 PBSZ=0
1/20/2022 4:50:21 PM	130		PROT C
1/20/2022 4:50:21 PM	130		200 Clearing data channel
1/20/2022 4:50:21 PM	130		PASV
1/20/2022 4:50:21 PM	130		227 Entering Passive Mode (192,168,1,2,43,109)
1/20/2022 4:50:21 PM	130		STOR Front Door Cam_00_20220120165018.txt
1/20/2022 4:50:21 PM	130		150 Opening data connection
1/20/2022 4:50:21 PM	130		Successfully stored file at 'D:Cerberus2022120Front Door Cam_00_20220120165018.txt' (74 B received)
1/20/2022 4:50:21 PM	130		226 Transfer complete
1/20/2022 4:50:21 PM	130		QUIT
1/20/2022 4:50:21 PM	130		Connection terminated


Re: TLS Error on FileZilla 1.2

#8

by boco » 2022-01-21 02:37

When I’m connected to my FileZilla Server, it is using ECDHE (Elliptic Curve) ciphers. AFAIK the simple DHE ciphers do not offer Perfect Forward Secrecy, and for that reason, FileZilla Server might not offer support for them.

However, only @botg or @oibaf can answer that thoroughly.



Re: TLS Error on FileZilla 1.2

#9

by botg » 2022-01-21 09:16

DHE does offer PFS. It is much slower than ECDHE though, which is why, if possible, FileZilla negotiates ECDHE.

@CrimpOn: Could you please post a Wireshark dump of the handshake attempt between your client and FileZilla Server? That way we can see what your client attempts to negotiate.


Re: TLS Error on FileZilla 1.2

#10

by CrimpOn » 2022-01-21 19:32

Wireshark capture of the camera attempting to FTP to FileZilla is here: https://www.dropbox.com/s/pg7wy96ow3xos … capng?dl=0
FileZilla server is 192.168.1.2 and the camera is 192.168.1.52.

I see the handshake where the camera connects to port 21 and the Server announces «ready for new client», and then the camera sends a TLSv1 message.
This puts the blame squarely on the camera. (Correct?)

I was a bit surprised that FileZilla does not appear to send any sort of rejection. The impression I get is that FileZilla simply stops communicating with the camera.
And then the camera ‘times out’.
Is this correct?

I really appreciate your patience.

(Now I have to ask Cerebus to explain why the camera was able to connect with Cerebus when it was set to accept ONLY TLSv1.2 and TLSv1.3. If Cerebus had rejected the camera <as it should have>, then I would not have kept bothering you. I fear Cerebus may not be as easy to communicate with as you are.)



Camera TLS Error

#12

by CrimpOn » 2022-01-24 19:30

Wireshark capture of the failed FTP session between camera and FileZilla server appears to contain a fatal coding inconsistency (or does it?)
Please see line 45 and line 50 of the expanded packet. Line 45 says TLSv1 (0x301) and Line 50 says TLSv3 (0x303) and proceeds to supply all sorts of TLS parameters.
Is this coding error enough to get FileZilla to reject the connection?

Code:

1	"Frame 9: 235 bytes on wire (1880 bits), 235 bytes captured (1880 bits) on interface \Device\NPF_{F233B6E4-BE24-4723-AA85-49E87A7B1E81}, id 0"
2	"Ethernet II, Src: Front_Door_Cam (68:39:43:d7:fa:24), Dst: Dicks_HP (20:25:64:0f:ba:cd)"
3	"Internet Protocol Version 4, Src: Front_Door_Cam (192.168.1.52), Dst: Dicks_HP (192.168.1.2)"
4	"Transmission Control Protocol, Src Port: 49388, Dst Port: 21, Seq: 11, Ack: 114, Len: 181"
5	    Source Port: 49388
6	    Destination Port: 21
7	    [Stream index: 0]
8	"    [Conversation completeness: Complete, WITH_DATA (31)]"
9	    [TCP Segment Len: 181]
10	    Sequence Number: 11    (relative sequence number)
11	    Sequence Number (raw): 2474896074
12	    [Next Sequence Number: 192    (relative sequence number)]
13	    Acknowledgment Number: 114    (relative ack number)
14	    Acknowledgment number (raw): 1141086550
15	    0101 .... = Header Length: 20 bytes (5)
16	"    Flags: 0x018 (PSH, ACK)"
17	        000. .... .... = Reserved: Not set
18	        ...0 .... .... = Nonce: Not set
19	        .... 0... .... = Congestion Window Reduced (CWR): Not set
20	        .... .0.. .... = ECN-Echo: Not set
21	        .... ..0. .... = Urgent: Not set
22	        .... ...1 .... = Acknowledgment: Set
23	        .... .... 1... = Push: Set
24	        .... .... .0.. = Reset: Not set
25	        .... .... ..0. = Syn: Not set
26	        .... .... ...0 = Fin: Not set
27	        [TCP Flags: ·······AP···]
28	    Window: 4009
29	    [Calculated window size: 64144]
30	    [Window size scaling factor: 16]
31	    Checksum: 0x8ca6 [unverified]
32	    [Checksum Status: Unverified]
33	    Urgent Pointer: 0
34	    [Timestamps]
35	        [Time since first frame in this TCP stream: 0.098337000 seconds]
36	        [Time since previous frame in this TCP stream: 0.000000000 seconds]
37	    [SEQ/ACK analysis]
38	        [iRTT: 0.020591000 seconds]
39	        [Bytes in flight: 181]
40	        [Bytes sent since last PSH flag: 181]
41	    TCP payload (181 bytes)
42	Transport Layer Security
43	    TLSv1 Record Layer: Handshake Protocol: Client Hello
44	        Content Type: Handshake (22)
45	        Version: TLS 1.0 (0x0301)
46	        Length: 176
47	        Handshake Protocol: Client Hello
48	            Handshake Type: Client Hello (1)
49	            Length: 172
50	            Version: TLS 1.2 (0x0303)
51	            Random: 040492e3ecb0567a28b2107000f02e418237e7737bd1c35e67fccd950ebe382f
52	"                GMT Unix Time: Feb 19, 1972 20:36:51.000000000 Pacific Standard Time"
53	                Random Bytes: ecb0567a28b2107000f02e418237e7737bd1c35e67fccd950ebe382f
54	            Session ID Length: 0
55	            Cipher Suites Length: 96
56	            Cipher Suites (48 suites)
57	                Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5)
58	                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
59	                Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1)
60	                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
61	                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
62	                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
63	                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069)
64	                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
65	                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
66	                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
67	                Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
68	                Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
69	                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
70	                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
71	                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
72	                Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
73	                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
74	                Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0)
75	                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
76	                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
77	                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
78	                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f)
79	                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
80	                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
81	                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
82	                Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
83	                Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
84	                Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
85	                Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
86	                Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
87	                Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
88	                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
89	                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
90	                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
91	                Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
92	                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
93	                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
94	                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
95	                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
96	                Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
97	                Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
98	                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
99	                Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
100	                Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
101	                Cipher Suite: TLS_DH_RSA_WITH_DES_CBC_SHA (0x000f)
102	                Cipher Suite: TLS_DH_DSS_WITH_DES_CBC_SHA (0x000c)
103	                Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
104	                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
105	            Compression Methods Length: 1
106	            Compression Methods (1 method)
107	                Compression Method: null (0)
108	            Extensions Length: 35
109	            Extension: session_ticket (len=0)
110	                Type: session_ticket (35)
111	                Length: 0
112	                Data (0 bytes)
113	            Extension: signature_algorithms (len=22)
114	                Type: signature_algorithms (13)
115	                Length: 22
116	                Signature Hash Algorithms Length: 20
117	                Signature Hash Algorithms (10 algorithms)
118	                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
119	                    Signature Algorithm: SHA512 DSA (0x0602)
120	                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
121	                    Signature Algorithm: SHA384 DSA (0x0502)
122	                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
123	                    Signature Algorithm: SHA256 DSA (0x0402)
124	                    Signature Algorithm: SHA224 RSA (0x0301)
125	                    Signature Algorithm: SHA224 DSA (0x0302)
126	                    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
127	                    Signature Algorithm: SHA1 DSA (0x0202)
128	            Extension: heartbeat (len=1)
129	                Type: heartbeat (15)
130	                Length: 1
131	                Mode: Peer allowed to send requests (1)
132	"            [JA3 Fullstring: 771,165-163-161-159-107-106-105-104-57-56-55-54-157-61-53-164-162-160-158-103-64-63-62-51-50-49-48-154-153-152-151-156-60-47-150-5-4-22-19-16-13-10-21-18-15-12-9-255,35-13-15,,]"
133	            [JA3: dac10c3caa29f6c6ce48ae4c2fdca84a]

The camera company’s engineers suggest that I «turn off» TLS support on FileZilla, to which I respond:
#1 — That is not possible.
#2 — A modern FTP server MUST support TLS security.

What remains unexplained is why Cerebus FTP accepts the connection when it is set to accept only TLSv3. (Perhaps they ignore the coding inconsistency?)


Re: TLS Error on FileZilla 1.2

#13

by botg » 2022-01-25 10:10

For historical reasons, the TLS version printed in the various record layer and handshake message packets are an absolute clusterfuck. Nothing to worry about here, situation normal, all fucked up.

> I was a bit surprised that FileZilla does not appear to send any sort of rejection.

It cannot, as the connection is in an in-between state.

> The impression I get is that FileZilla simply stops communicating with the camera. And then the camera ‘times out’.

FileZilla Server closes the connection. Not noticing that the connection got closed is the client’s issue.

According to the package dump your client doesn’t support elliptic curve cryptography, in particular it doesn’t support X.509 certificates with an elliptic curve signature. Algorithms with elliptic curve cryptography were added to TLS 1.1 as an extension in 2006, and made part of TLS 1.2 in 2008. The certificates generated by FileZilla Server are signed using ECDSA.

The best option would be to update your client to support ECDSA (and ECDHE while at it). Alternatively you could generate your TLS certificates outside of FileZilla Server signed using RSA, though this will come at the cost of more expensive handshakes as it’s a far slower algorithm.
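
The diagnosis in the reply above can be reproduced from the JA3 full string in the packet dump (line 132). The following Python is an added example, not part of the thread or of FileZilla: it maps each offered cipher suite to its key-exchange/authentication family and lists the suites that can authenticate a certificate of a given key type. The helper names, the ECDHE suite IDs and the second JA3 string are assumptions added for comparison, and a server's own cipher policy may still exclude suites reported here as usable.

```python
# Added example (not from the thread): derive, from a ClientHello's JA3 full
# string, which offered cipher suites can authenticate a given certificate type.

# JA3 full string copied from line 132 of the Wireshark dump in this thread.
CAMERA_JA3 = (
    "771,165-163-161-159-107-106-105-104-57-56-55-54-157-61-53-164-162-160-158-"
    "103-64-63-62-51-50-49-48-154-153-152-151-156-60-47-150-5-4-22-19-16-13-10-"
    "21-18-15-12-9-255,35-13-15,,"
)

# Constructed for comparison: a client that offers elliptic-curve suites.
MODERN_JA3 = "771,49195-49196-49199-49200-159-157,0-10-11-13,29-23-24,0"

# Family of each suite ID. The first five rows are the 47 real suites named in
# the thread's dump; the two ECDHE rows are IANA values added for comparison.
# Suites missing from this table are ignored by the check.
FAMILIES = {
    "DH_DSS":  [0xA5, 0x68, 0x36, 0xA4, 0x3E, 0x30, 0x97, 0x0D, 0x0C],
    "DHE_DSS": [0xA3, 0x6A, 0x38, 0xA2, 0x40, 0x32, 0x99, 0x13, 0x12],
    "DH_RSA":  [0xA1, 0x69, 0x37, 0xA0, 0x3F, 0x31, 0x98, 0x10, 0x0F],
    "DHE_RSA": [0x9F, 0x6B, 0x39, 0x9E, 0x67, 0x33, 0x9A, 0x16, 0x15],
    "RSA":     [0x9D, 0x3D, 0x35, 0x9C, 0x3C, 0x2F, 0x96, 0x05, 0x04, 0x0A, 0x09],
    "ECDHE_ECDSA": [0xC02B, 0xC02C, 0xCCA9],
    "ECDHE_RSA":   [0xC02F, 0xC030, 0xCCA8],
}
SUITE_FAMILY = {sid: fam for fam, ids in FAMILIES.items() for sid in ids}

# Families that can be used with a server certificate of each key type.
# Static DH_RSA / DH_DSS need a certificate carrying a fixed Diffie-Hellman
# key, so they match none of the ordinary key types below.
CERT_USABLE = {
    "ECDSA": {"ECDHE_ECDSA"},
    "RSA":   {"RSA", "DHE_RSA", "ECDHE_RSA"},
    "DSA":   {"DHE_DSS"},
}


def parse_ja3(ja3):
    """Split a JA3 full string into its five comma-separated fields."""
    parts = ja3.split(",")
    if len(parts) != 5:
        raise ValueError("JA3 full string must have exactly 5 fields")

    def ints(field):
        return [int(x) for x in field.split("-")] if field else []

    return {
        "version": int(parts[0]),
        "ciphers": ints(parts[1]),
        "extensions": ints(parts[2]),
        "groups": ints(parts[3]),
        "point_formats": ints(parts[4]),
    }


def usable_suites(ja3, cert_key):
    """Offered suites, in client preference order, usable with cert_key."""
    wanted = CERT_USABLE[cert_key]
    return [c for c in parse_ja3(ja3)["ciphers"] if SUITE_FAMILY.get(c) in wanted]


def diagnose(ja3, cert_key):
    """Summarise why a handshake against a cert_key certificate can or cannot work."""
    hello = parse_ja3(ja3)
    usable = usable_suites(ja3, cert_key)
    return {
        "usable": ["0x%04x" % c for c in usable],
        "handshake_possible": bool(usable),
        # Extension 10 is supported_groups (formerly elliptic_curves).
        "supported_groups_sent": 10 in hello["extensions"],
        "ec_suites_offered": any(
            SUITE_FAMILY.get(c, "").startswith("ECDHE") for c in hello["ciphers"]
        ),
    }


if __name__ == "__main__":
    for label, ja3 in (("camera", CAMERA_JA3), ("modern (constructed)", MODERN_JA3)):
        for key in ("ECDSA", "RSA"):
            print(label, key, diagnose(ja3, key))
```

For the camera, the ECDSA result is empty, while the first RSA-compatible suite in its preference order is 0x009f, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, the suite the Cerberus log earlier in the thread reports.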


Re: TLS Error on FileZilla 1.2

#14

by CrimpOn » 2022-01-25 19:10

Thanks for the thorough explanation. (My «aha moment» being totally incorrect.)

I notice that the camera connection refers to Cipher Suites and Signature Algorithms using hex codes (0x00a5, 0x601, etc.)
Would like to direct them to a reference for the specific ECDSA and ECDHE certificate mechanisms used by FileZilla. I don’t find ECDSA or ECDHE on the RFC (pages 85-86)
https://datatracker.ietf.org/doc/html/rfc5246
Is there a better reference document?

I’m 90% certain that these guys just picked up an FTP package to bundle with their camera firmware (sigh). So incorporating support for newer algorithms may be beyond their capability. I am a bit ticked off that they use Cerebus FTP as their example platform since the least costly version of Cerebus is $500.

Tempted to look at Let’s Encrypt, but cannot find information on their web site as to which Cipher Suite they use so that I can see if the camera supports it. Definitely not worth the effort if it doesn’t.

Can you please mark this post «Solved»?



FTP OS: Windows

FTP Server: FileZilla (latest, 1.0.1)

Computer OS: Windows

FluentFTP Version: 35.0.5

Attempting to upload a file to FileZilla from C# (.net 3.1) using explicit TLS fails to perform TLS handshake (note «Connect» is successful)

This can be replicated every time (I’ve done it on 3 machines) by debugging the following code after installing FileZilla on a windows machine.

FileZilla settings — Under FTP Server

  • Protocol: «Require explicit FTP over TLS»

I have also tried downloading the certificates via openssl and added them in to the code below, but with the same results.

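    // Requires: using System.Security.Authentication; using System.Text; using FluentFTP;
    // `content`, `fileName` and `log` (an ILogger) come from the enclosing method.
    using var client = new FtpClient("127.0.0.1", 21, "orderease", "xxx")
    {
        SocketKeepAlive = true,
        // Skips server certificate validation (the server here is the local test instance at 127.0.0.1).
        ValidateAnyCertificate = true,
        SslProtocols = SslProtocols.Tls12,
        EncryptionMode = FtpEncryptionMode.Explicit,
        DataConnectionType = FtpDataConnectionType.PASV,
    };

    // Collect FluentFTP's log output so it can be reported if the upload fails.
    var ftpLog = new StringBuilder();
    client.OnLogEvent = (level, s) => { ftpLog.AppendLine(level + " - " + s); };
    client.Connect();
    client.SetWorkingDirectory("/GMS-EDI/GMS_Order");

    var response = client.Upload(Encoding.ASCII.GetBytes(content), $"{fileName}.txt");
    if (response == FtpStatus.Failed)
    {
        log.LogError("Failed to upload ");
        log.LogError(ftpLog.ToString());
    }

    client.Disconnect();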

Logs :
Filezilla Logs

2021-10-28T18:08:42.299Z >> [FTP Session 26 127.0.0.1 orderease] SYST
2021-10-28T18:08:42.299Z << [FTP Session 26 127.0.0.1 orderease] 215 UNIX emulated by FileZilla.
2021-10-28T18:08:49.043Z >> [FTP Session 26 127.0.0.1 orderease] CWD /GMS-EDI/GMS_Order
2021-10-28T18:08:49.043Z << [FTP Session 26 127.0.0.1 orderease] 250 CWD command successful
2021-10-28T18:08:52.655Z >> [FTP Session 26 127.0.0.1 orderease] PWD
2021-10-28T18:08:52.655Z << [FTP Session 26 127.0.0.1 orderease] 257 "/GMS-EDI/GMS_Order" is current directory.
2021-10-28T18:08:52.655Z >> [FTP Session 26 127.0.0.1 orderease] SIZE /GMS-EDI/GMS_Order/SPISO-20211028124510-N.txt
2021-10-28T18:08:52.655Z << [FTP Session 26 127.0.0.1 orderease] 213 892
2021-10-28T18:08:52.656Z >> [FTP Session 26 127.0.0.1 orderease] DELE SPISO-20211028124510-N.txt
2021-10-28T18:08:52.656Z << [FTP Session 26 127.0.0.1 orderease] 250 File deleted successfully.
2021-10-28T18:08:52.657Z >> [FTP Session 26 127.0.0.1 orderease] TYPE I
2021-10-28T18:08:52.657Z << [FTP Session 26 127.0.0.1 orderease] 200 Type set to I
2021-10-28T18:08:52.660Z >> [FTP Session 26 127.0.0.1 orderease] PASV
2021-10-28T18:08:52.660Z VV [FTP Session 26 127.0.0.1 orderease] Trying: data_listen_socket_->listen(1, 0)
2021-10-28T18:08:52.660Z << [FTP Session 26 127.0.0.1 orderease] 227 Entering Passive Mode (127,0,0,1,204,126)
2021-10-28T18:08:52.661Z VV [FTP Session 26 127.0.0.1 orderease] session::on_socket_event(): source = data listen, flag = 2, error = 0, state = -1
2021-10-28T18:08:52.662Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::server_handshake()
2021-10-28T18:08:52.662Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::continue_handshake()
2021-10-28T18:08:52.662Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::continue_handshake()
2021-10-28T18:08:52.662Z >> [FTP Session 26 127.0.0.1 orderease] STOR SPISO-20211028124510-N.txt
2021-10-28T18:08:52.662Z << [FTP Session 26 127.0.0.1 orderease] 150 Starting data transfer.
2021-10-28T18:08:52.663Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::continue_handshake()
2021-10-28T18:08:52.666Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::continue_handshake()
2021-10-28T18:08:52.666Z II [FTP Session 26 127.0.0.1 orderease] TLS Handshake successful
2021-10-28T18:08:52.666Z II [FTP Session 26 127.0.0.1 orderease] TLS Session resumed
2021-10-28T18:08:52.666Z II [FTP Session 26 127.0.0.1 orderease] Protocol: TLS1.2, Key exchange: ECDHE-X25519, Cipher: AES-256-GCM, MAC: AEAD
2021-10-28T18:08:52.666Z VV [FTP Session 26 127.0.0.1 orderease] session::on_socket_event(): source = data, flag = 2, error = 0, state = 2
2021-10-28T18:08:52.667Z !! [FTP Session 26 127.0.0.1 orderease] GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
2021-10-28T18:08:52.667Z == [FTP Session 26 127.0.0.1 orderease] Client did not properly shut down TLS connection
2021-10-28T18:08:52.667Z VV [FTP Session 26 127.0.0.1 orderease] tls_layer_impl::shutdown()
2021-10-28T18:08:52.667Z VV [FTP Session 26 127.0.0.1 orderease] data_socket_->shutdown() = 126
2021-10-28T18:08:52.667Z << [FTP Session 26 127.0.0.1 orderease] 425 Error while transfering data: ECONNABORTED - Connection aborted
2021-10-28T18:08:52.667Z VV [FTP Session 26 127.0.0.1 orderease] session::close_data_connection() = 1
2021-10-28T18:08:57.659Z !! [FTP Session 26 127.0.0.1 orderease] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
2021-10-28T18:08:57.659Z !! [FTP Server] Session ended with error from source 0. Reason: ECONNABORTED - Connection aborted.

FluentFTP logs


[2021-10-28T18:18:49.266Z] Failed to upload
[2021-10-28T18:18:49.903Z] Verbose - >         Connect()
[2021-10-28T18:18:49.904Z] Info - Status:   Connecting to 127.0.0.1:21
[2021-10-28T18:18:49.905Z] Verbose - Response: 220-FileZilla Server 1.0.1
[2021-10-28T18:18:49.905Z] Info - Response: 220 Please visit https://filezilla-project.org/
[2021-10-28T18:18:49.906Z] Info - Status:   Detected FTP server: FileZilla
[2021-10-28T18:18:49.907Z] Info - Command:  AUTH TLS
[2021-10-28T18:18:49.908Z] Info - Response: 234 Using authentication type TLS.
[2021-10-28T18:18:49.909Z] Info - Status:   FTPS Authentication Successful
[2021-10-28T18:18:49.910Z] Verbose - Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0.0273426.
[2021-10-28T18:18:49.911Z] Info - Command:  USER orderease
[2021-10-28T18:18:49.912Z] Info - Response: 331 Please, specify the password.
[2021-10-28T18:18:49.913Z] Info - Command:  PASS ***
[2021-10-28T18:18:49.914Z] Info - Response: 230 Login successful.
[2021-10-28T18:18:49.915Z] Info - Command:  PBSZ 0
[2021-10-28T18:18:49.916Z] Info - Response: 200 PBSZ=0
[2021-10-28T18:18:49.917Z] Info - Command:  PROT P
[2021-10-28T18:18:49.918Z] Info - Response: 200 Protection level set to P
[2021-10-28T18:18:49.919Z] Info - Command:  FEAT
[2021-10-28T18:18:49.920Z] Verbose - Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: MLST type*;size*;modify*;perm*;
Response: MLSD
Response: AUTH SSL
Response: AUTH TLS
Response: PROT
Response: PBSZ
Response: UTF8
Response: TVFS
Response: EPSV
Response: EPRT
Response: MFMT
[2021-10-28T18:18:49.923Z] Info - Response: 211 End
[2021-10-28T18:18:49.924Z] Info - Status:   Text encoding: System.Text.UTF8Encoding+UTF8EncodingSealed
[2021-10-28T18:18:49.925Z] Info - Command:  OPTS UTF8 ON
[2021-10-28T18:18:49.926Z] Info - Response: 202 UTF8 mode is always enabled. No need to send this command
[2021-10-28T18:18:49.927Z] Info - Command:  SYST
[2021-10-28T18:18:49.928Z] Info - Response: 215 UNIX emulated by FileZilla.
[2021-10-28T18:18:49.930Z] Verbose - >         SetWorkingDirectory("/GMS-EDI/GMS_Order")
[2021-10-28T18:18:49.931Z] Info - Command:  CWD /GMS-EDI/GMS_Order
[2021-10-28T18:18:49.932Z] Info - Response: 250 CWD command successful
[2021-10-28T18:18:49.933Z] Verbose - >         Upload("SPISO-20211028124510-N.txt", Overwrite, False)
[2021-10-28T18:18:49.934Z] Verbose - >         FileExists("SPISO-20211028124510-N.txt")
[2021-10-28T18:18:49.935Z] Verbose - Status:   Testing connectivity using Socket.Poll()...
[2021-10-28T18:18:49.936Z] Info - Command:  PWD
[2021-10-28T18:18:49.939Z] Info - Response: 257 "/GMS-EDI/GMS_Order" is current directory.
[2021-10-28T18:18:49.940Z] Info - Command:  SIZE /GMS-EDI/GMS_Order/SPISO-20211028124510-N.txt
[2021-10-28T18:18:49.941Z] Info - Response: 213 892
[2021-10-28T18:18:49.942Z] Verbose - >         DeleteFile("SPISO-20211028124510-N.txt")
[2021-10-28T18:18:49.943Z] Info - Command:  DELE SPISO-20211028124510-N.txt
[2021-10-28T18:18:49.944Z] Info - Response: 250 File deleted successfully.
[2021-10-28T18:18:49.946Z] Verbose - >         OpenWrite("SPISO-20211028124510-N.txt", Binary)
[2021-10-28T18:18:49.948Z] Info - Command:  TYPE I
[2021-10-28T18:18:49.950Z] Info - Response: 200 Type set to I
[2021-10-28T18:18:49.951Z] Verbose - >         OpenPassiveDataStream(PASV, "STOR SPISO-20211028124510-N.txt", 0)
[2021-10-28T18:18:49.954Z] Info - Command:  PASV
[2021-10-28T18:18:49.955Z] Info - Response: 227 Entering Passive Mode (127,0,0,1,244,130)
[2021-10-28T18:18:49.956Z] Info - Status:   Connecting to 127.0.0.1:62594
[2021-10-28T18:18:49.957Z] Info - Command:  STOR SPISO-20211028124510-N.txt
[2021-10-28T18:18:49.958Z] Info - Response: 150 Starting data transfer.
[2021-10-28T18:18:49.959Z] Info - Status:   FTPS Authentication Successful
[2021-10-28T18:18:49.961Z] Verbose - Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0.0057162.
[2021-10-28T18:18:49.962Z] Verbose - Status:   Disposing FtpSocketStream...
[2021-10-28T18:18:49.963Z] Info - Response: 425 Error while transfering data: ECONNABORTED - Connection aborted

nukiebe

Posts: 4
Joined: 20 Mar 2022, 12:53

FTP to Filezilla server cannot connect implicit or explicit

When I try to connect to a FileZilla FTP server with explicit login, I get this error in Cobian:

Testing your ftp settings…

Licence expiry date: 31/12/9999
Set LocalDirectory to C:\WINDOWS\system32
Licence expiry date: 31/12/9999
waitOnShutdownSSL=True
SetActivePortRange(1024,64000). NextPort=9741
StrictReturnCodes=False
Setting socket timeout=120000
SecureSocket timeout=120000
SecureSocket timeout=120000
Command encoding=System.Text.SBCSCodePageEncoding
Setting socket buffer sizes=-1
220-FileZilla Server 1.3.0
220 Please visit https://filezilla-project.org/
SetSSLProtocol: min=TLS12, max=TLS12
---> AUTH TLS
234 Using authentication type TLS.
Starting handshake
ECDHE_RSA_AES_128_SHA
ECDHE_RSA_AES_256_SHA
RSA_AES_128_GCM_SHA256
RSA_AES_256_GCM_SHA384
DHE_RSA_AES_128_GCM_SHA256
DHE_RSA_AES_256_GCM_SHA384
ECDHE_RSA_AES_128_GCM_SHA256
ECDHE_RSA_AES_256_GCM_SHA384
DHE_RSA_AES_128_SHA
DHE_RSA_AES_128_SHA256
DHE_RSA_AES_256_SHA
DHE_RSA_AES_256_SHA256
DHE_RSA_AES_256_SHA256
RSA_AES_128_SHA
RSA_AES_128_SHA256
RSA_AES_256_SHA256
RSA_AES_256_SHA
ECDHE_RSA_3DES_SHA
DHE_RSA_3DES_SHA
RSA_3DES_168_SHA
DHE_RSA_DES_SHA
Handshake started
Waiting for handshake completion
OnReceive closing (size == 0)
CloseConnection(e=null)
Shut down socket
Closed socket
Close() called when open
OnReceive - caught exception - closing: Socket closed before handshake is complete (2)
CloseConnection(e=Socket closed before handshake is complete (2))
OnHandshakeComplete - waiting for lock
OnHandshakeComplete - in lock
OnHandshakeComplete - exiting lock
OnHandshakeComplete - exit
Exception during handshake
Socket closed before handshake is complete (2)

When I look in the FileZilla server log, I find this:

2022-03-20T12:11:12.955Z II [FTP Session 1 xx.xxx.xxx.xxx] Session 0x1820f6d6c0 with ID 1 created.
2022-03-20T12:11:13.144Z >> [FTP Session 1 xx.xxx.xxx.xxx] AUTH TLS
2022-03-20T12:11:13.144Z << [FTP Session 1 xx.xxx.xxx.xxx] 234 Using authentication type TLS.
2022-03-20T12:11:13.144Z VV [FTP Session 1 xx.xxx.xxx.xxx] tls_layer_impl::server_handshake()
2022-03-20T12:11:13.144Z VV [FTP Session 1 xx.xxx.xxx.xxx] tls_layer_impl::continue_handshake()
2022-03-20T12:11:13.144Z VV [FTP Session 1 xx.xxx.xxx.xxx] tls_layer_impl::continue_handshake()
2022-03-20T12:11:13.441Z VV [FTP Session 1 xx.xxx.xxx.xxx] tls_layer_impl::continue_handshake()
2022-03-20T12:11:13.441Z !! [FTP Session 1 xx.xxx.xxx.xxx] GnuTLS error -87: No supported cipher suites have been found.
2022-03-20T12:11:13.441Z !! [FTP Session 1 xx.xxx.xxx.xxx] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-03-20T12:11:13.441Z !! [FTP Server] Session 1 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-03-20T12:11:13.441Z II [FTP Session 1 xx.xxx.xxx.xxx] Session 0x1820f6d6c0 with ID 1 destroyed.

What is wrong?
When I connect "unsecured", it works without problems.

nukiebe

Posts: 4
Joined: 20 Mar 2022, 12:53

Re: FTP to Filezilla server cannot connect implicit or explicit

Post

by nukiebe » 20 Mar 2022, 22:54

I have tried almost all combinations of min and max SSL versions, but without result.
The Filezilla server runs on Windows. Its version is 1.3.0 (latest).
With another Filezilla server on Windows — but version 1.1.0 — Cobian doesn’t have the problem.
But Filezilla Client does connect with the Filezilla server 1.3.0 (and 1.1.0) without problems.

So the problem seems to be related to the combination Filezilla server 1.3.0 and Cobian.

nukiebe

Posts: 4
Joined: 20 Mar 2022, 12:53

Re: FTP to Filezilla server cannot connect implicit or explicit

Post

by nukiebe » 08 Sep 2022, 11:01

Hi,
Is there already any improvement on this item?
Are the libraries you are using already updated?

Cobian is a very good choice for me, but unusable for the moment because many FTP sites use Filezilla >v1.1.
I need to FTP to a dozen FTP sites of our clients. I cannot ask them to change their certificate.

likedi

Posts: 1
Joined: 06 Nov 2021, 11:48

Re: FTP to Filezilla server cannot connect implicit or explicit

Post

by likedi » 22 Jan 2023, 21:39

Hi, long time Cobian user, few times supporter here :)

I have the same issue as OP.

Has anyone tried a different certificate, like the Let's Encrypt option in FileZilla for example? Is the issue only with the FileZilla self-generated certificate, or is it how the certificate is used regardless of the certificate issuer?

Thanks!
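One way to read the cipher-suite list in the client debug log above, as an added example (not code from Cobian, FileZilla or any poster): it classifies each offered suite and shows which ones a server could select for a given certificate key type. The naming scheme is inferred from the log, and the ECDSA-only server is a hypothetical case; the thread does not state the certificate's key type.

```python
"""Added example: classify the cipher suites listed in a client debug log."""

# Suite names copied from the client debug log quoted in the thread above.
OFFERED = """
ECDHE_RSA_AES_128_SHA ECDHE_RSA_AES_256_SHA RSA_AES_128_GCM_SHA256
RSA_AES_256_GCM_SHA384 DHE_RSA_AES_128_GCM_SHA256 DHE_RSA_AES_256_GCM_SHA384
ECDHE_RSA_AES_128_GCM_SHA256 ECDHE_RSA_AES_256_GCM_SHA384 DHE_RSA_AES_128_SHA
DHE_RSA_AES_128_SHA256 DHE_RSA_AES_256_SHA DHE_RSA_AES_256_SHA256
DHE_RSA_AES_256_SHA256 RSA_AES_128_SHA RSA_AES_128_SHA256 RSA_AES_256_SHA256
RSA_AES_256_SHA ECDHE_RSA_3DES_SHA DHE_RSA_3DES_SHA RSA_3DES_168_SHA
DHE_RSA_DES_SHA
""".split()


def parse_suite(name):
    """Split a log-style suite name into its negotiated properties.

    Assumed naming scheme (inferred from the log, not documented on the page):
    [ECDHE_|DHE_]<auth>_<cipher...>_<mac-or-prf>
    """
    parts = name.split("_")
    if parts[0] in ("ECDHE", "DHE"):
        kx, auth, rest = parts[0], parts[1], parts[2:]
    else:  # static RSA: the same key does key transport and authentication
        kx, auth, rest = parts[0], parts[0], parts[1:]
    cipher = "_".join(rest[:-1])
    return {
        "name": name,
        "kx": kx,
        "auth": auth,
        "cipher": cipher,
        "forward_secrecy": kx in ("ECDHE", "DHE"),
        "aead": "GCM" in rest,
        "legacy_cipher": cipher.startswith(("DES", "3DES")),
    }


def summarize(offered):
    """Aggregate view of what the client put on the table."""
    suites = [parse_suite(n) for n in dict.fromkeys(offered)]  # drop repeats
    return {
        "count": len(suites),
        "auth_algorithms": sorted({s["auth"] for s in suites}),
        "aead": [s["name"] for s in suites if s["aead"]],
        "legacy": [s["name"] for s in suites if s["legacy_cipher"]],
        "no_forward_secrecy": [s["name"] for s in suites
                               if not s["forward_secrecy"]],
    }


def selectable(offered, server_key_types):
    """Suites a server could pick, given the key types of its certificates.

    In TLS 1.2 the suite fixes the certificate key type, so an
    RSA-authenticated suite is unusable with an ECDSA-only certificate.
    """
    return [n for n in dict.fromkeys(offered)
            if parse_suite(n)["auth"] in server_key_types]


if __name__ == "__main__":
    info = summarize(OFFERED)
    print("distinct suites:", info["count"])
    print("authentication :", info["auth_algorithms"])
    print("legacy ciphers :", info["legacy"])
    # Hypothetical server setups; the thread does not state the key type.
    for keys in ({"RSA"}, {"ECDSA"}):
        print(sorted(keys), "->", len(selectable(OFFERED, keys)), "usable")
```

An empty result for a key type means the server has nothing in common with the client for that certificate, which is the situation "No supported cipher suites have been found" describes.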



asked Mar 25, 2022 in .NET FTP by (180 points)

Hello

Anyone having problems with SecureFTPConnection and Filezilla server 1.3.0? With an insecure setup, the connection is OK. With Explicit only setup there is no way to connect. 

The client debug mode:

Testing your ftp settings…
Set LocalDirectory to D:\Projects
waitOnShutdownSSL=True
StrictReturnCodes=False
Setting socket timeout=120000
SecureSocket timeout=120000
SecureSocket timeout=120000
Command encoding=System.Text.SBCSCodePageEncoding
Setting socket buffer sizes=-1
220-FileZilla Server 1.3.0
220 Please visit https://filezilla-project.org/
SetSSLProtocol: min=DETECT, max=DETECT
---> AUTH TLS
234 Using authentication type TLS.
Starting handshake
ECDHE_RSA_AES_128_SHA
ECDHE_RSA_AES_256_SHA
RSA_AES_128_GCM_SHA256
RSA_AES_256_GCM_SHA384
DHE_RSA_AES_128_GCM_SHA256
DHE_RSA_AES_256_GCM_SHA384
ECDHE_RSA_AES_128_GCM_SHA256
ECDHE_RSA_AES_256_GCM_SHA384
DHE_RSA_AES_128_SHA
DHE_RSA_AES_128_SHA256
DHE_RSA_AES_256_SHA
DHE_RSA_AES_256_SHA256
DHE_RSA_AES_256_SHA256
RSA_AES_128_SHA
RSA_AES_128_SHA256
RSA_AES_256_SHA256
RSA_AES_256_SHA
ECDHE_RSA_3DES_SHA
DHE_RSA_3DES_SHA
RSA_3DES_168_SHA
DHE_RSA_DES_SHA
Handshake started
Waiting for handshake completion
OnReceive closing (size == 0)
CloseConnection(e=null)
Shut down socket
Closed socket
Close() called when open
OnReceive - caught exception - closing: Socket closed before handshake is complete (2)
CloseConnection(e=Socket closed before handshake is complete (2))
OnHandshakeComplete - waiting for lock
OnHandshakeComplete - in lock
OnHandshakeComplete - exiting lock
OnHandshakeComplete - exit
Exception during handshake
Socket closed before handshake is complete (2)

On the server side I got:

2022-03-24T19:31:12.791Z II [FTP Session 25 127.0.0.1] Session 0x1d6a3247930 with ID 25 created.
2022-03-24T19:31:12.854Z >> [FTP Session 25 127.0.0.1] AUTH TLS
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] securer(1) ENTERING state = 0
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] calling tls_layer_->set_certificate_file(«C:Windowssystem32configsystemprofileAppDataLocalfilezilla-servercertificatescc4c3012da89d57f85610ff2c14d26483cf9352a4c0e4a0e8c2e9502299de874key.pem», «C:Windowssystem32configsystemprofileAppDataLocalfilezilla-servercertificatescc4c3012da89d57f85610ff2c14d26483cf9352a4c0e4a0e8c2e9502299de874cert.pem», «****»)
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] securer(1) EXITING state = 1
2022-03-24T19:31:12.854Z << [FTP Session 25 127.0.0.1] 234 Using authentication type TLS.
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] ~securer(1) ENTERING state = 1
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] calling tls_layer_->set_alpn()
2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::server_handshake()
2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] ~securer(1) EXITING state = 2
2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::on_send()
2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()
2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::on_read()
2022-03-24T19:31:13.148Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()
2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] TLS handshakep: Received CLIENT HELLO
2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::failure(-347)
2022-03-24T19:31:13.148Z !! [FTP Session 25 127.0.0.1] GnuTLS error -347: A connection with inappropriate fallback was attempted.
2022-03-24T19:31:13.148Z !! [FTP Session 25 127.0.0.1] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-03-24T19:31:13.149Z !! [FTP Server] Session 25 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
2022-03-24T19:31:13.149Z II [FTP Session 25 127.0.0.1] Session 0x1d6a3247930 with ID 25 destroyed.

"-347: A connection with inappropriate fallback was attempted." seems to be the problem here. The server is at minimum TLS 1.2 and the client is using all possible cipher methods.
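The server-side rule behind an "inappropriate fallback" refusal is defined in RFC 7507; the following added example (not code from the question, FileZilla or GnuTLS) applies it to a ClientHello. The hello bytes are constructed sample input, and whether the client in the question actually sent TLS_FALLBACK_SCSV is an assumption, since the logs above do not show it.

```python
"""Added example: the server-side TLS_FALLBACK_SCSV rule from RFC 7507."""
import struct

TLS_FALLBACK_SCSV = 0x5600      # signalling suite value defined by RFC 7507
TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304


def build_client_hello(client_version, suites):
    """Constructed ClientHello record (no extensions) used as sample input."""
    body = struct.pack("!H", client_version) + bytes(32)   # version + random
    body += b"\x00"                                         # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                     # null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", TLS10, len(handshake)) + handshake


def parse_client_hello(record):
    """Return (client_version, [suite ids]) from a single TLS record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if rec_len < 4 or len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        raise ValueError("ClientHello body too short")
    (version,) = struct.unpack("!H", body[:2])
    pos = 34                                  # skip version (2) + random (32)
    pos += 1 + body[pos]                      # skip session_id
    if pos + 2 > len(body):
        raise ValueError("missing cipher_suites vector")
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    return version, suites


def fallback_check(record, server_max_version):
    """RFC 7507 section 3: refuse a downgraded retry the server did not need.

    Simplification: compares the legacy client_version field only, as the
    RFC words the rule; TLS 1.3 itself negotiates through an extension.
    """
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and server_max_version > version:
        return "inappropriate_fallback"
    return "continue"


if __name__ == "__main__":
    retry = build_client_hello(TLS12, [0xC02F, TLS_FALLBACK_SCSV])
    first = build_client_hello(TLS12, [0xC02F])
    print("retry vs TLS 1.3 server:", fallback_check(retry, TLS13))
    print("retry vs TLS 1.2 server:", fallback_check(retry, TLS12))
    print("first attempt          :", fallback_check(first, TLS13))
```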

14.06.2018, 11:15. Views: 30521. Replies: 14


Hello, I have a problem connecting to my FTP server over the internet (over the LAN everything works). Yesterday I set up an FTP server on my home computer using the latest version of FileZilla Server for Windows, downloaded from the official site. The computer runs Windows 10 Pro x64. I have a static IP address from my provider. The following ports are open on the router: 6112-6119, 80, 21, 990, 51000-52000. I will attach screenshots of the FileZilla Server settings later this evening. In the firewall, FileZilla Server.exe has been added to the exceptions for all ports. For now I can only say that the open ports are being listened on successfully (I check via the site whatsmyip.com), i.e. when checking ports 21 and 990 the site shows a green "OPEN" label. A connection to my FTP server through the site ftptest.net (Explicit FTP over TLS) also succeeds; here are the logs:

Status: Resolving address of 93.159.235.157
Status: Connecting to 93.159.235.157
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message…
Reply: 220-FileZilla Server 0.9.60 beta
Reply: 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
Reply: 220 Please visit https://filezilla-project.org/
Command: CLNT https://ftptest.net on behalf of 85.30.254.36
Reply: 200 Don’t care
Command: AUTH TLS
Reply: 234 Using authentication type TLS
Status: Performing TLS handshake…
Status: TLS handshake successful, verifying certificate…
Status: Received 1 certificates from server.
Status: cert[0]: subject=’CN=93.159.235.157,C=RU,ST=Moscow,L=Moscow ,O=RANEPA,OU=Bookkeeping,EMAIL=semikin.in@gmail.co m’ issuer=’CN=93.159.235.157,C=RU,ST=Moscow,L=Moscow, O=RANEPA,OU=Bookkeeping,EMAIL=semikin.in@gmail.com ‘
Command: USER semikin.in
Reply: 331 Password required for semikin.in
Command: PASS ********
Reply: 230 Logged on
Command: SYST
Reply: 215 UNIX emulated by FileZilla
Command: FEAT
Reply: 211-Features:
Reply: MDTM
Reply: REST STREAM
Reply: SIZE
Reply: MLST type*;size*;modify*;
Reply: MLSD
Reply: AUTH SSL
Reply: AUTH TLS
Reply: PROT
Reply: PBSZ
Reply: UTF8
Reply: CLNT
Reply: MFMT
Reply: EPSV
Reply: EPRT
Reply: 211 End
Command: PBSZ 0
Reply: 200 PBSZ=0
Command: PROT P
Reply: 200 Protection level set to P
Command: PWD
Reply: 257 «/» is current directory.
Status: Current path is /
Command: TYPE I
Reply: 200 Type set to I
Command: PASV
Reply: 227 Entering Passive Mode (93,159,235,157,203,14)
Command: MLSD
Status: Data connection established, performing TLS handshake…
Status: TLS handshake successful, verifying certificate…
Status: Received 1 certificates from server.
Status: cert[0]: subject=’CN=93.159.235.157,C=RU,ST=Moscow,L=Moscow ,O=RANEPA,OU=Bookkeeping,EMAIL=semikin.in@gmail.co m’ issuer=’CN=93.159.235.157,C=RU,ST=Moscow,L=Moscow, O=RANEPA,OU=Bookkeeping,EMAIL=semikin.in@gmail.com ‘
Status: TLS session of transfer connection has been resumed.
Reply: 150 Opening data channel for directory listing of «/»
Reply: 226 Successfully transferred «/»
Listing: type=file;modify=20180511093006;size=3833; applications.html
Listing: type=file;modify=20170227093600;size=177; bitnami.css
Listing: type=dir;modify=20180601182120; dashboard
Listing: type=dir;modify=20180601183158; eclipse-workspace
Listing: type=file;modify=20150716153232;size=30894; favicon.ico
Listing: type=dir;modify=20180601182120; img
Listing: type=file;modify=20150716153232;size=260; index.php
Listing: type=dir;modify=20180601182118; webalizer
Listing: type=dir;modify=20180601182120; xampp
Status: Success

As you can see, all the files were listed, but through FileZilla Client the folders do not load; here is the log:

Статус: Соединяюсь с 93.159.235.157:990…
Статус: Соединение установлено, инициализация TLS…
Статус: Проверка сертификата…
Статус: TLS соединение установлено, ожидаю приветственное сообщение…
Статус: Авторизовались
Статус: Получение списка каталогов…
Команда: PWD
Ответ: 257 «/» is current directory.
Команда: TYPE I
Ответ: 200 Type set to I
Команда: PORT 93,159,235,157,199,192
Ответ: 421 Rejected command, requested IP address does not match control connection IP.
Команда: PASV
Ответ: 227 Entering Passive Mode (93,159,235,157,202,231)
Команда: MLSD
Ошибка: Соединение передачи данных не может быть установлено: ECONNREFUSED — Соединение отклонено сервером
Ответ: 425 Can’t open data connection for transfer of «/»
Ошибка: Не удалось получить список каталогов

I should probably also add that I am connecting from work, a large organization with its own intranet-type local network. Could the network settings be interfering with the connection?
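To check what the server advertises for the data connection, the following added example (not part of the original post) decodes the 227 replies quoted in the logs on this page and compares them with the control address and the forwarded range 51000-52000 mentioned in the post. The finding labels are this example's own, and the last reply in the sample list is constructed to show a misconfigured case.

```python
"""Added example: decode PASV replies and check them against a forwarded range."""
import ipaddress
import re

PASV_RE = re.compile(
    r"^227\b.*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (...)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def audit_pasv(reply, control_ip, forwarded_ports):
    """Compare the advertised data endpoint with what the client can reach.

    control_ip      -- address the client used for the control connection
    forwarded_ports -- (low, high) range forwarded on the server's router
    """
    host, port = parse_pasv(reply)
    findings = []
    if host != control_ip:
        addr = ipaddress.ip_address(host)
        if addr.is_private or addr.is_loopback:
            # Server announces a LAN address that is unreachable through NAT.
            findings.append("internal-address")
        else:
            findings.append("address-mismatch")
    low, high = forwarded_ports
    if not low <= port <= high:
        findings.append("port-outside-forwarded-range")
    return host, port, findings


# Replies taken from the logs on this page, plus one constructed bad case.
SAMPLES = [
    "227 Entering Passive Mode (93,159,235,157,203,14)",    # ftptest.net log
    "227 Entering Passive Mode (93,159,235,157,202,231)",   # FileZilla Client log
    "227 Entering Passive Mode (192,168,1,10,195,80)",      # constructed
]

if __name__ == "__main__":
    for line in SAMPLES:
        host, port, findings = audit_pasv(line, "93.159.235.157", (51000, 52000))
        print("%s:%d -> %s" % (host, port, findings or "consistent"))
```

Both replies from the post decode to the public address and a port inside the forwarded range, so the refused data connection is not explained by the advertised endpoint itself.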


Have you also run into the error ECONNREFUSED - connection refused by server in FileZilla? Then it's great that you found this guide. I'll show you three methods for fixing this FTP error.

Method One. Changing FileZilla's Default Port Value

The error may be caused by the wrong port being used when connecting through FileZilla. In that case you just need to change the default FTP port to the default SFTP port number. Simply change 21 to 22 in the “Port” input field.

Method Two. Disabling the Antivirus/Firewall

Sometimes this error can occur when antivirus software and/or a firewall blocks FileZilla's attempts to establish a connection.

If the antivirus or firewall is causing ECONNREFUSED, you just need to disable that software and then connect again. First I'll show you how to do this on macOS:

  • Click the “Apple” icon in the top menu. Go to “System Preferences”.
  • Find the “Security & Privacy” settings section.
  • Go to the “Firewall” tab and select “Turn Off Firewall”.

If you are using Windows, follow these steps:

  • In the Windows search bar, type “Control Panel”.
  • Then go to “System & Security” and find “Windows Defender Firewall”.
  • In the left-hand menu, find “Turn Windows Defender Firewall on or off”.
  • In the next window, change the settings to turn off Windows Defender Firewall for public and private networks and click “Ok”.

You can read more about how to deactivate various antivirus software here (in English).

If disabling the antivirus or firewall did not help and you still get the error "ECONNREFUSED - connection refused by server", try the next method.

Method Three. Changing the FileZilla Network Configuration Wizard

What if the previous solutions did not bring the desired result? To fix the error, you can also try changing FileZilla's network configuration:

  • Connect to the FileZilla FTP client, then go to “Edit” and select “Network Configuration Wizard”.
  • When the “Firewall and router configuration wizard” window appears, click “Next” to continue.
  • As the default transfer mode, select “Passive (recommended)”. Also tick “Allow fallback to another transfer mode on failure”.
  • Select “Use server’s external IP address instead”.
  • Select “Get the external IP address from the following URL”. Enter the default value if the input field is empty (the default is the URL ip.filezilla-project.org/ip.php), then click “Next” to continue.
  • Do not change the port range settings; just select “Ask operating system for a port” and click “Next”.

At this stage you need to make sure that all the settings were made correctly. Click the “Test” button so that FileZilla tries to establish a connection to probe.filezilla-project.org. The program will run a few simple tests.

If the testing completes without failures, try connecting to your hosting account again. This time everything should work fine. If the ECONNREFUSED error still has not gone away, contact your hosting provider's support.

Conclusions

That's all. These are the three methods for fixing the error "ECONNREFUSED - connection refused by server". We hope one of them helps you solve the problem with FileZilla. If you still have questions or know other solutions, feel free to leave a comment!


    • #1

    I am trying to make an FTPS connection to a server of mine running FileZilla Server. It's set to require explicit FTPS (min TLS v1.2) and has a public wildcard certificate (issued by a major public CA). This configuration is tested working from various FTPS clients at different locations. Should probably say that I’m a network/infrastructure guy and configure servers/networks/certificates all day long. The FTPS server is good.

    However, adding an FTPS connection within the Kodi interface does not work. It cannot make a connection. Upon investigation, here's what the client Kodi logs and the FileZilla server logs show. IPs/domains changed for privacy, of course.

    KODI LOG:
    
    2022-04-25 07:31:29.882 T:1002    DEBUG <general>: CurlFile::Open(0xff8e0700) ftps://USERNAME:[email protected]:21/
    2022-04-25 07:31:29.882 T:1002    DEBUG <general>: easy_acquire - Created session to ftps://FTP.MYSERVERHERE.COM
    2022-04-25 07:31:30.097 T:1002    DEBUG <general>: Curl::Debug - TEXT:   Trying 1.1.1.1:21...
    2022-04-25 07:31:30.127 T:1002    DEBUG <general>: Curl::Debug - TEXT: Connected to FTP.MYSERVERHERE.COM (1.1.1.1) port 21 (#0)
    2022-04-25 07:31:30.143 T:1002    DEBUG <general>: Curl::Debug - TEXT: successfully set certificate verify locations:
    2022-04-25 07:31:30.143 T:1002    DEBUG <general>: Curl::Debug - TEXT:  CAfile: /run/libreelec/cacert.pem
    2022-04-25 07:31:30.143 T:1002    DEBUG <general>: Curl::Debug - TEXT:  CApath: none
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT:
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - TEXT: TLSv1.3 (OUT), TLS handshake, Client hello (1):
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT:
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT: e▒▒▒▒@}
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT: ▒
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT:
    2022-04-25 07:31:30.144 T:1002     INFO <general>: Skipped 2 duplicate messages..
    2022-04-25 07:31:30.144 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_OUT:
    
    2022-04-25 07:31:30.157 T:1002    DEBUG <general>: Curl::Debug - SSL_DATA_IN: 220-F
    2022-04-25 07:31:30.157 T:1002    DEBUG <general>: Curl::Debug - TEXT: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
    2022-04-25 07:31:30.157 T:1002    DEBUG <general>: Curl::Debug - TEXT: Closing connection 0
    2022-04-25 07:31:30.159 T:1002    ERROR <general>: CCurlFile::FillBuffer - Failed: SSL connect error(35)
    2022-04-25 07:31:30.159 T:1002    ERROR <general>: CCurlFile::Open failed with code 0 for ftps://USERNAME:[email protected]:21/:
    
    2022-04-25 07:31:30.159 T:1002    ERROR <general>: GetDirectory - Error getting ftps://USERNAME:[email protected]:21/
    
    
    
    SERVER LOG:
    
    2022-04-25T06:36:26.058Z !! [FTP Session 1 5.5.5.5] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
    2022-04-25T06:36:26.058Z !! [FTP Server] Session 1 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
    2022-04-25T06:36:31.789Z !! [FTP Session 2 5.5.5.5] Control channel closed with error from source 1. Reason: EINVAL - Invalid argument passed.
    2022-04-25T06:36:31.790Z !! [FTP Server] Session 2 ended with error from source 0. Reason: EINVAL - Invalid argument passed.
    2022-04-25T06:36:38.577Z !! [FTP Session 3 5.5.5.5] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
    2022-04-25T06:36:38.577Z !! [FTP Server] Session 3 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.
    2022-04-25T06:36:40.889Z !! [FTP Session 4 5.5.5.5] Control channel closed with error from source 1. Reason: EINVAL - Invalid argument passed.
    2022-04-25T06:36:40.889Z !! [FTP Server] Session 4 ended with error from source 0. Reason: EINVAL - Invalid argument passed.


    This is the line of concern:

    TEXT: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

    From my research, it appears this Curl FTPS library is having a hard time dealing with TLS 1.2 or above and actually looks like it's trying to use SSLv3, which of course will fail.

    Any ideas?

    • #2

    Sorry, forgot to add: I am running Kodi 19.4 under LibreELEC 10.0.2.

    • #3

    Full log:


    • #4

    Just stumbled across this.

    https://everything.curl.dev/ftp/ftps

    I wonder if this is what is happening. My FTP server is configured for Explicit TLS rather than Implicit (since it's deprecated in FileZilla Server) and that CURL doc says the correct way to handle Explicit FTPS is to use ftp:// and NOT ftps://, but then to add the "--ssl-reqd" flag on the curl command.

    I guess that flag can’t be added to the URL in KODI? How about adding |AUTH=tls instead? So ftp://user:[email protected]/Movies|AUTH=tls

    • #5

    ftps:// is FTP over SSL and you are trying to connect to ftp server with starttls extension support.

    If you select to use FTP with Starttls, nothing stops you from providing FTP over SSL to maximize client base. Those services do not conflict with each other.

    If you want to secure and keep it simple, use SFTP. It needs just one port.

    • #6

    I'm not using FTP over SSH, FTPS is fine.

    I have actually resolved the problem just this minute. FTPS:// is for implicit TLS, whereas FTP:// with an auth=tls flag at the end is for explicit TLS.

    Please see here:

    LibCurl FTPS is attempting to use SSLv3 and failing connections

    • #7

    If you point TLS client at plain text service port or closed port, it will attempt to negotiate down to last version it is allowed to talk to. Fallback from TLSv1 is SSLv3.

    User error is not a bug.
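The Kodi log in this thread shows exactly five bytes coming back after the ClientHello ("220-F"), which is the size of a TLS record header. The following added example (not code from Kodi, curl or OpenSSL) reads those bytes the way a TLS record parser would and shows why a plain-text FTP greeting surfaces as "wrong version number". The function names and the explicit/implicit hint labels are this example's own, and the second sample is a constructed TLS header.

```python
"""Added example: read a server's first bytes the way a TLS record parser would."""

TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


def tls_header(data):
    """Interpret the first five bytes as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    return {
        "content_type": data[0],
        "version": (data[1], data[2]),
        "length": int.from_bytes(data[3:5], "big"),
    }


def record_error(data):
    """Reason a TLS stack would reject these bytes, or None if plausible.

    Every SSL 3.0 / TLS record carries major version 3; anything else is
    reported as a version problem, whatever the bytes really are.
    """
    hdr = tls_header(data)
    if hdr["version"][0] != 3:
        return "wrong version number"
    if hdr["content_type"] not in TLS_CONTENT_TYPES:
        return "unknown content type"
    return None


def classify_first_bytes(data):
    """Tell a TLS record from an FTP reply line ('NNN ' or 'NNN-')."""
    if record_error(data) is None:
        return "tls-record"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "ftp-reply"
    return "unknown"


def ftps_mode_hint(first_bytes):
    """What the port expects, judged from its answer to a TLS ClientHello."""
    kind = classify_first_bytes(first_bytes)
    if kind == "ftp-reply":
        return "explicit"   # greeting first, TLS only after AUTH TLS
    if kind == "tls-record":
        return "implicit"   # TLS from the first byte
    return "unknown"


if __name__ == "__main__":
    from_log = b"220-F"                      # SSL_DATA_IN bytes in the Kodi log
    constructed = b"\x16\x03\x03\x00\x7a"    # constructed TLS 1.2 record header
    for sample in (from_log, constructed):
        print(sample, tls_header(sample), record_error(sample),
              ftps_mode_hint(sample))
```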

[SOLVED] Disconnected From Server: ECONNABORTED Connection Aborted

This page gives you the details on how to fix an error with your FileZilla FTP client. Last updated: Sun Nov 27, 2022


webune

Mon Jun 08, 2015


Nov. 2021 Update: I started getting this error when I upgraded to the newest version. I had to uninstall FileZilla and re-install the previous version, which was FileZilla 3.55.1. I don't know why I started to get these errors with the latest version.

Solution: Roll back to an older version of FileZilla. I would imagine FileZilla is aware of this and hopefully they will fix it in the next release, but for now the quickest solution for me was to roll back my version to 3.55.1.

FileZilla is a free and open source FTP client. It is well-maintained, secure and reliable software for managing your file transfers over networks. Sometimes you may come across errors; the one we will fix here is "Disconnected from server: ECONNABORTED - Connection aborted". We will help you with the following:

  1. Identify the error
  2. Resolve the error
  3. Prevent future errors
  4. Provide an image of Error Resolution

If you are using FileZilla and you all of a sudden get this error:

Disconnected from server: ECONNABORTED - Connection aborted

I had the same issue. All you need to do is go to the FileZilla application and select the following configuration settings:

Edit > Settings > FTP > Transfer Mode: Select Active Mode (see image below for example)

09-p4542-disconnected-from-server-econnaborted.jpg

Close FileZilla and restart it, then try to connect to your FTP server again. This time the directory listing should work without any more errors.

If this procedure does not work for you, try updating FileZilla. Usually that will resolve any problems. If you need further assistance, please let us know what other errors you are experiencing with your FTP client.
