Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

TeM · 2011-08-18 20:03:33

Hi all,

I'm running into some troubles since the last gnutls update ( 3.0.0-2 ).

Filezilla won't connect in FTPES to a server using a self signed certificate I'm running into the following error :

Status: Connecting to xx.xxx.xxx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 ProFTPD 1.3.3a Server (XXXXXXX FTP SERVER) [::ffff:xx.xxx.xxx.xx]
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 103)
Trace: GnuTLS alert 40: Handshake failed
Error: GnuTLS error -12: A TLS fatal alert has been received.
Trace: CRealControlSocket::OnClose(103)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)

On the server side the tls error log shows :

Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C requested, starting TLS handshake
Aug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C negotiation failed on control channel

Connexion with other clients such as lftp succeeds.

Is anyone else running into this issue ?

TeM

Last edited by TeM (2011-08-18 20:33:31)

foobarch · 2011-08-18 21:12:28

Is anyone else running into this issue ?

Yes, same here.

SidK · 2011-08-18 21:21:18

Same happens for me, though I don't know how you got that log output. If I downgrade to gnutls-2.12.7-2-i686.pkg.tar.xz and filezilla-3.5.0-1-i686.pkg.tar.xz, then I can connect again. I don't know how to go about finding how to fix it.

Edit:
I thought it may have something to do with this that the OP pasted:

Aug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error:
  (1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

But no:

$ gnutls-cli -v | head -n1
gnutls-cli (GnuTLS) 3.0.0
$ gnutls-cli -l | grep Ciphers
Ciphers: AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, IDEA-PGP-CFB, 3DES-PGP-CFB, CAST5-PGP-CFB, BLOWFISH-PGP-CFB, SAFER-SK128-PGP-CFB, AES-128-PGP-CFB, AES-192-PGP-CFB, AES-256-PGP-CFB, TWOFISH-PGP-CFB, NULL

and

$ gnutls-cli -v | head -n1
gnutls-cli (GnuTLS) 2.12.7
$ gnutls-cli -l | grep Ciphers
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL

According to that all the old ciphers are still there.

Last edited by SidK (2011-08-18 21:40:52)

HoboJ · 2011-08-18 21:46:55

The latest gnutls update has broken weechat ssl connections too. The only error message I get says "TLS Handshake failed". Downgrading to the previous gnutls version fixes the issue.

steabert · 2011-08-18 21:47:22

After updating, i get:

Error: GnuTLS error -12: A TLS fatal alert has been received.

If I roll back to previous filezilla/gnutls then it works again.

TeM · 2011-08-18 22:06:31

I guess we should report that upstream then ... ?

Last edited by TeM (2011-08-18 22:07:39)

wonder · 2011-08-19 08:44:15

downgrading is not a solution. report it upstream and on our tracker as well.

steabert · 2011-08-19 09:08:23

I reported my problem as bug 25669

Last edited by steabert (2011-08-19 09:08:41)

foobarch · 2011-08-26 12:46:34

Could you try FTPS with gftp for example? For me it's crashing when trying:

gftp: 2.0.19-3
gnutls: 3.0.1-1

localhost kernel: [12147.832527] gftp-gtk[15683]: segfault at 0 ip 00007f2f57a95099 sp 00007f2f522aa9b0 error 4 in libc-2.14.so[7f2f57a1e000+156000]

thebrokencube · 2011-09-10 15:42:40

Hey guys, I apologize if this is a stupid question, but does anyone know of an FTP client that isn't running into this problem atm and is reliable? I rely on filezilla for work and when I downgrade it works, but messes up chromium, so I'd like to find a temporary solution besides having to downgrade/upgrade every time i use it.

dernik · 2011-09-12 22:33:45

Hi,

Confirm the error - GnuTLS error -12: A TLS fatal alert has been received.

Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Error:	GnuTLS error -12: A TLS fatal alert has been received.
Error:	Could not connect to server

It works when downgraded
filezilla (3.5.1-1 => 3.5.0-1)
gnutls (3.0.2-1 => 2.12.6.1-1)
but Chromium refuses to start, says need higher gnutls library version, thus downgrade not solution for me.

I have installed arch x86_64 and installed bundled 32-bit system in Arch64 for skype and other apps -
https://wiki.archlinux.org/index.php/In … _in_Arch64

While we are waiting for bugfix/solution i decided to install worked (downgraded to 3.5.0-1) version of filezilla in arch32 installation and it works fine

SidK · 2011-09-13 14:09:09

Indeed a lot of other programs fail if you downgrade gnutls. I've opened a bug upstream, but looking at other, older, tickets very few get feedback or seem to be acted on. So it may take a while. Perhaps it's better to report on their forums, I don't know.

dernik · 2011-09-18 23:46:02

one interesting link - "gnutls update to 2.12 branch breaks programs in ARCH and Debian squeeze" - https://savannah.gnu.org/support/index.php?107660

SidK · 2011-09-23 16:02:12

A patch [1] has been posted which fixes this issue [2]. Either install through ABS and patch it or wait for the next release.
[1]: http://trac.filezilla-project.org/attac … /patch.txt
[2]: http://trac.filezilla-project.org/ticket/7742

Last edited by SidK (2011-09-23 16:02:31)

Arch Linux

#1 2011-08-18 20:03:33

Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#2 2011-08-18 21:12:28

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#3 2011-08-18 21:21:18

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#4 2011-08-18 21:46:55

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#5 2011-08-18 21:47:22

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#6 2011-08-18 22:06:31

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#7 2011-08-19 08:44:15

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#8 2011-08-19 09:08:23

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#9 2011-08-26 12:46:34

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#10 2011-09-10 15:42:40

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#11 2011-09-12 22:33:45

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#12 2011-09-13 14:09:09

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#13 2011-09-18 23:46:02

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

#14 2011-09-23 16:02:12

Re: Filezilla fails establishing FTPES connexion since gnutls 3.0.0 update

Board footer