[RESOLVED] TLS problem with Cerberus FTP Server

Home Forums General Report a Bug [RESOLVED] TLS problem with Cerberus FTP Server

  • This topic is empty.
Viewing 15 posts - 1 through 15 (of 17 total)
  • Author
    Posts
  • #29754
    lsw
    Participant

    Hello,

    It seems that Cerberus FTP Server has a bug and is not conforms to RFC about TLS connection. Indeed, latest version of FileZilla FTP Client informs us that the TLS connection was not closed correctly and files information was not provided. So latest version of FileZilla Client is currently not usable with Cerberus FTP (with FTP Explicit TLS option).

    This bug is located at server side and should be corrected by Cerberus Team. The tracelog from FileZilla is the following (when I’m using FTP Explicit TLS):

    Trace: CTransferSocket::OnReceive(), m_transferMode=0

    Trace: GnuTLS error -9: A TLS packet with unexpected length was received.

    Status: Server did not properly shut down TLS connection

    Error: Could not read from transfer socket: ECONNABORTED – Connection aborted

    Information from filezilla about this message:

    http://forum.filezilla-project.org/viewtopic.php?f=2&t=8110&st=0&sk=t&sd=a

    FileZilla FTP Client is very interresting for us because it is available for several operating systems that we use (MacOS, Windows and Linux).

    Are you looking for a solution about this bug?

    When a new version of Cerberus FTP Server will be launched ?

    Thank you,

    Regards,

    Louis.

    #34906
    lsw
    Participant

    Hello !

    I’ve done some test with the latest version (2.49) of Cerberus FTP server published today and the problem remains. I’m not able to connect to my Cerberus FTP server with SSL Explicit option via FileZilla.

    What about this problem ?

    Thank you,

    Louis.

    #34907
    imported_Serin
    Participant

    Very frustrating, this release was supposed to address this problem. It appears our quality control was lacking here. Somehow the code fix got reverted before the build was issued and the fix never got into the install. I will be releasing an updated version later today.

    #34908
    imported_Serin
    Participant

    I’ve just updated both installers. Version 2.49a is on the download page.

    #34909
    lsw
    Participant

    Hello,

    I confirm you that this problem is now resolved with the “last latest” version (2.49a).

    Thank you for your help,

    Louis.

    #34910
    spaltd
    Participant

    And this is why I love Cerberus FTP.

    I have to say, this one of the handiest, best supported products I’ve ever purchased through an independent author.

    #34912
    linux.llama
    Participant

    Old post, but I’m getting this error with Cerberus 3.1.0.4 and Filezilla 3.3.1.

    Not impeding anything, just wanted to give a heads up. I can post logs if need be.

    #34911
    imported_Serin
    Participant

    Hello,

    I just tested Cerberus 3.1.0.4 and Filezilla 3.3.1 with TLS/SSL and couldn’t find any problems with secure connections. Can you post the log file?

    Thanks.

    #34913
    linux.llama
    Participant

    This is from Filezilla (client side):

    Command: USER Administrator

    Status: TLS/SSL connection established.

    Response: 331 User Administrator, password please

    Command: PASS ********

    Response: 230 Password Ok, User logged in

    Command: CLNT FileZilla

    Response: 200 Command okay

    Command: OPTS UTF8 ON

    Response: 220 UTF8 support on

    Command: PBSZ 0

    Response: 200 PBSZ=0

    Command: PROT P

    Response: 200 PROT P OK, data channel will be secured

    Status: Connected

    Status: Starting download of /videos/Movies/Action-Adventure/King Arthur.avi

    Command: CWD /videos/Movies/Action-Adventure

    Response: 250 Change directory ok

    Command: PWD

    Response: 257 “/videos/Movies/Action-Adventure” is the current directory

    Command: TYPE I

    Response: 200 Type Binary

    Command: PASV

    Response: 227 Entering Passive Mode (xx,xx,xx,xx,45,188)

    Command: RETR King Arthur.avi

    Response: 150 Opening data connection

    Error: GnuTLS error -9: A TLS packet with unexpected length was received.

    Status: Server did not properly shut down TLS connection

    Error: Disconnected from server: ECONNABORTED – Connection aborted

    And here’s from Cerberus.

    [2010-02-01 19:22:59]:CONNECT [ 55] – Incoming connection request on interface 192.168.1.2

    [2010-02-01 19:22:59]:CONNECT [ 55] – Connection request accepted from xx.xx.xxx.xx

    [2010-02-01 19:22:59]:COMMAND [ 55] – AUTH TLS

    [2010-02-01 19:22:59]: REPLY [ 55] – 234 Authentication method accepted

    [2010-02-01 19:23:00]:CONNECT [ 55] – SSL connection using TLSv1/SSLv3, 128 bit encryption

    [2010-02-01 19:23:00]:CONNECT [ 55] – SSL connection established

    [2010-02-01 19:23:00]:COMMAND [ 55] – USER Administrator

    [2010-02-01 19:23:00]: REPLY [ 55] – 331 User Administrator, password please

    [2010-02-01 19:23:00]:COMMAND [ 55] – PASS ***********

    [2010-02-01 19:23:00]: REPLY [ 55] – 230 Password Ok, User logged in

    [2010-02-01 19:23:00]:COMMAND [ 55] – CLNT FileZilla

    [2010-02-01 19:23:00]: REPLY [ 55] – 200 Command okay

    [2010-02-01 19:23:01]:COMMAND [ 55] – OPTS UTF8 ON

    [2010-02-01 19:23:01]: REPLY [ 55] – 220 UTF8 support on

    [2010-02-01 19:23:01]:COMMAND [ 55] – PBSZ 0

    [2010-02-01 19:23:01]: REPLY [ 55] – 200 PBSZ=0

    [2010-02-01 19:23:01]:COMMAND [ 55] – PROT P

    [2010-02-01 19:23:01]: REPLY [ 55] – 200 PROT P OK, data channel will be secured

    [2010-02-01 19:23:02]:COMMAND [ 55] – CWD /videos/Movies/Action-Adventure

    [2010-02-01 19:23:02]: REPLY [ 55] – 250 Change directory ok

    [2010-02-01 19:23:02]:COMMAND [ 55] – PWD

    [2010-02-01 19:23:02]: REPLY [ 55] – 257 “/videos/Movies/Action-Adventure” is the current directory

    [2010-02-01 19:23:02]:COMMAND [ 55] – TYPE I

    [2010-02-01 19:23:02]: REPLY [ 55] – 200 Type Binary

    [2010-02-01 19:23:02]:COMMAND [ 55] – PASV

    [2010-02-01 19:23:02]: REPLY [ 55] – 227 Entering Passive Mode (xx,xx,xx,xx,45,188)

    [2010-02-01 19:23:02]:COMMAND [ 55] – RETR King Arthur.avi

    [2010-02-01 19:23:11]: REPLY [ 55] – 150 Opening data connection

    [2010-02-01 19:23:12]:CONNECT [ 55] – SSL connection using TLSv1/SSLv3, 128 bit encryption

    [2010-02-01 19:23:12]:CONNECT [ 55] – SSL data connection established

    #34914
    imported_Serin
    Participant

    It doesn’t look like the entire log for that transfer is there. My guess is that the connection was disconnected (I’m guessing by the filename that it was a long transfer). Filezilla will report that error message if the connection gets disconnected unexpectedly.

    We test with Filezilla routinely and I ran a few tests tonight just to be sure there wasn’t a new version. Everything was working fine with SSL transfers and connections.

    #34915
    imported_Serin
    Participant

    Ah, I understand what it going on now. Filezilla regularly opens up two connections (presumably to multitask). When downloading a large file, one connection is downloading the file and stays open for the entire length of the transfer. The other connection is idle and eventually gets disconnected by Cerberus. The error is because Filezilla doesn’t like how Cerberus is terminating the connection. It’s completely harmless but I will see what I can do to remove the message and disconnect more gracefully in those situations.

    #34916
    Madgex
    Participant

    Hello,

    Apologies for dragging up an old Post, but I’m on a network with 30 or so users. 4 of those users are experiencing the exact same issue mentioned above when connecting to Cerberus under FTPES.

    The connection is terminated with:

    Status: Initializing TLS…

    Error: GnuTLS error -9: A TLS packet with unexpected length was received.

    Error: Could not connect to server

    I’m at a loss as to what the problem may be. I’ve updated them to the latest version of FileZilla.

    Any help would be much appreciated.

    Thanks,

    Russ

    #34917
    imported_Serin
    Participant

    Hello Russ,

    Are you running the latest version of Cerberus FTP Server 4?

    #34918
    Madgex
    Participant

    Hi,

    No I haven’t had a chance to upgrade yet, I’m on the previous version. Do you expect that to fix the issue?

    Russ

    #34919
    imported_Serin
    Participant

    Hi Russ,

    It depends on what version you are running. We added some additional code to version 3.1.1 to better handle properly shutting down idle TLS connections.

    Do you have a log file showing the problem?

Viewing 15 posts - 1 through 15 (of 17 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart