Hi all,
I'm running into some trouble since the last gnutls update (3.0.0-2).
FileZilla won't connect over FTPES to a server using a self-signed certificate. I'm running into the following error:
Status: Connecting to xx.xxx.xxx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 ProFTPD 1.3.3a Server (XXXXXXX FTP SERVER) [::ffff:xx.xxx.xxx.xx]
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 103)
Trace: GnuTLS alert 40: Handshake failed
Error: GnuTLS error -12: A TLS fatal alert has been received.
Trace: CRealControlSocket::OnClose(103)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
On the server side, the TLS error log shows:
Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C requested, starting TLS handshake
Aug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C negotiation failed on control channel
Connection with other clients such as lftp succeeds.
Is anyone else running into this issue?
TeM
Last edited by TeM (2011-08-18 20:33:31)
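A server-side triage sketch for the mod_tls log in the post above, added here as an example (not code from the thread or from ProFTPD): it groups entries by session pid, attaches the pid-less OpenSSL continuation line to the entry before it, and splits the error string into code, library, function and reason. The function names and the last sample line (pid 21301) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# First four lines are the mod_tls entries quoted in the post; the last line
# is constructed (a second session, pid 21301, that logs no failure).
SAMPLE_LOG = """\
Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C requested, starting TLS handshake
Aug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 18 20:02:05 mod_tls/2.4.1[21290]: TLS/TLS-C negotiation failed on control channel
Aug 18 20:05:41 mod_tls/2.4.1[21301]: TLS/TLS-C requested, starting TLS handshake
"""

# Syslog-style mod_tls entry: "<timestamp> mod_tls/<version>[<pid>]: <message>"
ENTRY = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) mod_tls/[\d.]+\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSL error-queue string: error:<hex code>:<library>:<function>:<reason>
OSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.+)$")
FAILURE_MARKERS = ("unable to accept TLS connection", "negotiation failed")


def handshake_failures(log_text):
    """Return one record per session (pid) whose TLS handshake failed."""
    sessions = defaultdict(lambda: {"ts": None, "failed": False, "errors": []})
    pid = None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            pid = entry["pid"]
            session = sessions[pid]
            session["ts"] = session["ts"] or entry["ts"]
            if any(marker in entry["msg"] for marker in FAILURE_MARKERS):
                session["failed"] = True
        # "(1) error:..." lines carry no pid; attribute them to the last entry.
        err = OSSL_ERR.search(line)
        if err and pid is not None:
            sessions[pid]["errors"].append(err.groupdict())
    return [{"pid": p, "first_seen": s["ts"], "errors": s["errors"]}
            for p, s in sessions.items() if s["failed"]]


def reasons_by_count(failures):
    """Count OpenSSL reason strings across failed sessions."""
    return dict(Counter(e["reason"] for f in failures for e in f["errors"]))


if __name__ == "__main__":
    print(reasons_by_count(handshake_failures(SAMPLE_LOG)))
```

Grouping by reason string separates cipher-negotiation failures like this one from certificate or protocol-version failures when many clients hit the same server.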
Is anyone else running into this issue?
Yes, same here.
Same happens for me, though I don't know how you got that log output. If I downgrade to gnutls-2.12.7-2-i686.pkg.tar.xz and filezilla-3.5.0-1-i686.pkg.tar.xz, then I can connect again. I don't know how to go about finding how to fix it.
Edit:
I thought it may have something to do with this that the OP pasted:
Aug 18 20:02:05 mod_tls/2.4.1[21290]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
But no:
$ gnutls-cli -v | head -n1
gnutls-cli (GnuTLS) 3.0.0
$ gnutls-cli -l | grep Ciphers
Ciphers: AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, IDEA-PGP-CFB, 3DES-PGP-CFB, CAST5-PGP-CFB, BLOWFISH-PGP-CFB, SAFER-SK128-PGP-CFB, AES-128-PGP-CFB, AES-192-PGP-CFB, AES-256-PGP-CFB, TWOFISH-PGP-CFB, NULL
and
$ gnutls-cli -v | head -n1
gnutls-cli (GnuTLS) 2.12.7
$ gnutls-cli -l | grep Ciphers
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
According to that all the old ciphers are still there.
Last edited by SidK (2011-08-18 21:40:52)
The latest gnutls update has broken weechat SSL connections too. The only error message I get says "TLS Handshake failed". Downgrading to the previous gnutls version fixes the issue.
After updating, I get:
Error: GnuTLS error -12: A TLS fatal alert has been received.
If I roll back to previous filezilla/gnutls then it works again.
I guess we should report that upstream then...?
Last edited by TeM (2011-08-18 22:07:39)
Downgrading is not a solution. Report it upstream and on our tracker as well.
I reported my problem as bug 25669
Last edited by steabert (2011-08-19 09:08:41)
Could you try FTPS with gftp for example? For me it's crashing when trying:
gftp: 2.0.19-3
gnutls: 3.0.1-1
localhost kernel: [12147.832527] gftp-gtk[15683]: segfault at 0 ip 00007f2f57a95099 sp 00007f2f522aa9b0 error 4 in libc-2.14.so[7f2f57a1e000+156000]
Hey guys, I apologize if this is a stupid question, but does anyone know of an FTP client that isn't running into this problem atm and is reliable? I rely on FileZilla for work and when I downgrade it works, but messes up Chromium, so I'd like to find a temporary solution besides having to downgrade/upgrade every time I use it.
Hi,
I confirm the error - GnuTLS error -12: A TLS fatal alert has been received.
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
It works when downgraded:
filezilla (3.5.1-1 => 3.5.0-1)
gnutls (3.0.2-1 => 2.12.6.1-1)
but Chromium refuses to start, saying it needs a higher gnutls library version, so downgrading is not a solution for me.
I have Arch x86_64 installed, with a bundled 32-bit system in Arch64 for Skype and other apps -
https://wiki.archlinux.org/index.php/In … _in_Arch64
While we are waiting for a bugfix/solution, I decided to install a working (downgraded to 3.5.0-1) version of FileZilla in the arch32 installation, and it works fine.
Indeed a lot of other programs fail if you downgrade gnutls. I've opened a bug upstream, but looking at other, older, tickets very few get feedback or seem to be acted on. So it may take a while. Perhaps it's better to report on their forums, I don't know.
One interesting link - "gnutls update to 2.12 branch breaks programs in ARCH and Debian squeeze" - https://savannah.gnu.org/support/index.php?107660
A patch [1] has been posted which fixes this issue [2]. Either install through ABS and patch it or wait for the next release.
[1]: http://trac.filezilla-project.org/attac … /patch.txt
[2]: http://trac.filezilla-project.org/ticket/7742
Last edited by SidK (2011-09-23 16:02:31)