I've got a little problem that I'm just not able to explain because it's really odd. I read about it on FileZilla forums about the TLS problem and that it was the servers fault and after that the other side (clients) blaming Filezilla that the problem was in the client itself and I could reasonably agree with both sides. But while reading I was getting nowhere and just becoming confused as hell. Code: Status: Starting download of /web/Sources/ManageMail.php Command: PASV Response: 227 Entering Passive Mode (217,174,155,59,178,83) Command: RETR ManageMail.php Response: 150-Accepted data connection Response: 150 12.6 kbytes to download Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated. Status: Server did not properly shut down TLS connection Error: Could not read from transfer socket: ECONNABORTED - Connection aborted Response: 226-File successfully transferred Response: 226 0.000 seconds (measured here), 41.22 Mbytes per second Error: File transfer failed after transferring 13,313 bytes in 1 second Why am I confused? Some files are getting transferred without error, some files are transferred with error while other are not transferred at all with error. They have nothing in common, absolutely nothing. What I did... Installed gnutls-bin as it wasn't, updated and then upgraded all packages, tried checking any error log, I see only transfer log which doesn't contain any error log. Updated FileZilla to latest version (after which actually everything started), tried checking the TLS version at the server if it was 3.4.10 which is the GnuTLS version of FileZilla. Made a gnutls-cli test in the SSH which didn't return anything useful as information on port 443, only that it is using TLS protocol version 1.2 and after that ran a test on port 21 which actually showed something interesting but nothing that rings a bell to me: Code: |<2>| ASSERT: gnutls_record.c:538 |<2>| ASSERT: gnutls_record.c:995 |<2>| ASSERT: gnutls_handshake.c:2762 *** Fatal error: An unexpected TLS packet was received. |<4>| REC: Sending Alert[2|10] - Unexpected message |<4>| REC[0x9664b0]: Sending Packet[1] Alert(21) with length: 2 |<4>| REC[0x9664b0]: Sent Packet[2] Alert(21) with length: 7 *** Handshake has failed GnuTLS error: An unexpected TLS packet was received. |<4>| REC[0x9664b0]: Epoch #0 freed |<4>| REC[0x9664b0]: Epoch #1 freed Any idea?
Reminds me of another post on the forums recently, and IIRC, the solution (or recommendation?) was to generate a new certificate for the server.
Yes I also thought of that but sounds kinda non-logical, because as I said previously I can transfer some files but others I can't and if the certificate itself was the problem it would be for every connection and file wouldn't it? Seems like I don't have much of a choice and I have to try it... any other possible solution? I could easily try to restart the server but I'm willing to fix the problem is it's happening so I can know what causes it. By the way restarting pureftpd doesn't fix it. Edit ------------------------------------------- Generated a new certificate and the problem remains. Deleted the job queue for certain files and issued them to get downloaded again but the problem occurs again. It's like the SSL certificate is securing the information irreversibly.
The current FileZilla problems are not related to the issue in this ancient thread. See: https://forum.filezilla-project.org/viewtopic.php?f=1&t=50496 Filezilla did some changes to enforce TLS 1.3 which makes it incompatible to connect to older pure-ftpd versions which support only TLS up to 1.2.
To resolve this you'll need to compile pure-ftpd on your own. Read more about it here: https://github.com/jedisct1/pure-ftpd/issues/94 Your server may also need Open SSL 1.1.1 too.
There are actually several options to resolve or work around the issue: 1) Use a different FTP client. 2) switch back to the prior FileZilla version. 3) Compile a newer pure-ftpd-mysql version. 4) On Debian and Ubuntu: Try to install a precompiled version which has this patch inside via apt pinning as the version from Debian 10 should not be affected and the version from latest Ubuntu 19.04 or upcoming 19.10 might work too.
Hi, i have same problem. There is impossible ftp connect with TLS certificate. I renewed certificate but with any ftp client i get same error: all is ok, host ok, user ok, password ok, certificate ok, but suddently non-properly terminated or This security scheme is not implemented there is any solution? Respuesta: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- Respuesta: 220-You are user number 1 of 50 allowed. Respuesta: 220-Local time is now 11:43. Server port: 21. Respuesta: 220-This is a private system - No anonymous login Respuesta: 220-IPv6 connections are also welcome on this server. Respuesta: 220 You will be disconnected after 15 minutes of inactivity. Comando: AUTH TLS Respuesta: 234 AUTH TLS OK. Estado: Inicializando TLS... Estado: Verificando certificado... Estado: Conexión TLS establecida. Comando: USER citadela Error: Error GnuTLS -110 en gnutls_record_recv: The TLS connection was non-properly terminated. Estado: El servidor no cerró la conexión TLS adecuadamente Error: No se pudo leer desde el socket: ECONNABORTED - Conexión abortada Error: No se pudo conectar al servidor other ftp client: OpenSSL SSL_read: Connection reset by peer, errno 54. Server returned: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 3 of 50 allowed. 220-Local time is now 11:58. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. 500 This security scheme is not implemented 234 AUTH TLS OK. -1.) this is STATUS pure-ftpd-mysql: Jul 01 11:58:25 ns3040218 pure-ftpd[28811]: ([email protected]) [INFO] New connection from 89.129.230.184 Jul 01 11:58:25 ns3040218 pure-ftpd[28811]: ([email protected]) [ERROR] TLS renegociation Jul 01 11:58:26 ns3040218 pure-ftpd[28813]: ([email protected]) [INFO] New connection from 89.129.230.184 Jul 01 11:58:26 ns3040218 pure-ftpd[28813]: ([email protected]) [ERROR] TLS renegociation Jul 01 11:58:26 ns3040218 pure-ftpd[28815]: ([email protected]) [INFO] New connection from 89.129.230.184 Jul 01 11:58:26 ns3040218 pure-ftpd[28815]: ([email protected]) [ERROR] TLS renegociation Jul 01 11:59:35 ns3040218 pure-ftpd[27293]: ([email protected]) [INFO] Timeout - try typing a little faster next time Jul 01 11:59:45 ns3040218 pure-ftpd[28922]: ([email protected]) [INFO] New connection from 89.129.230.184 Jul 01 12:00:06 ns3040218 pure-ftpd[29091]: ([email protected]) [INFO] New connection from 127.0.0.1 Jul 01 12:00:06 ns3040218 pure-ftpd[29091]: ([email protected]) [INFO] Logout.
Do not revive 5 year old threads. If you really have the same problem, the solutions Till mentions should work. If they don't, you should have started a new thread.
update the ftp-server to a newer version. i wrote somewhere in this forum how you can do this with ubunu 18.
