Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
+1 vote
1.5k views
in .NET FTP by (160 points)

Hello

Anyone having problems with SecureFTPConnection and Filezilla server 1.3.0? With an insecure setup, the connection is OK. With Explicit only setup there is no way to connect. 

The client debug mode :

Testing your ftp settings...

Set LocalDirectory to D:\Projects\

waitOnShutdownSSL=True

StrictReturnCodes=False

Setting socket timeout=120000

SecureSocket timeout=120000

SecureSocket timeout=120000

Command encoding=System.Text.SBCSCodePageEncoding

Setting socket buffer sizes=-1

220-FileZilla Server 1.3.0

220 Please visit https://filezilla-project.org/

SetSSLProtocol: min=DETECT, max=DETECT

---> AUTH TLS

234 Using authentication type TLS.

Starting handshake

ECDHE_RSA_AES_128_SHA

ECDHE_RSA_AES_256_SHA

RSA_AES_128_GCM_SHA256

RSA_AES_256_GCM_SHA384

DHE_RSA_AES_128_GCM_SHA256

DHE_RSA_AES_256_GCM_SHA384

ECDHE_RSA_AES_128_GCM_SHA256

ECDHE_RSA_AES_256_GCM_SHA384

DHE_RSA_AES_128_SHA

DHE_RSA_AES_128_SHA256

DHE_RSA_AES_256_SHA

DHE_RSA_AES_256_SHA256

DHE_RSA_AES_256_SHA256

RSA_AES_128_SHA

RSA_AES_128_SHA256

RSA_AES_256_SHA256

RSA_AES_256_SHA

ECDHE_RSA_3DES_SHA

DHE_RSA_3DES_SHA

RSA_3DES_168_SHA

DHE_RSA_DES_SHA

Handshake started

Waiting for handshake completion

OnReceive closing (size == 0)

CloseConnection(e=null)

Shut down socket

Closed socket

Close() called when open

OnReceive - caught exception - closing: Socket closed before handshake is complete (2)

CloseConnection(e=Socket closed before handshake is complete (2))

OnHandshakeComplete - waiting for lock

OnHandshakeComplete - in lock

OnHandshakeComplete - exiting lock

OnHandshakeComplete - exit

Exception during handshake

Socket closed before handshake is complete (2)

On the server side I got:

2022-03-24T19:31:12.791Z II [FTP Session 25 127.0.0.1] Session 0x1d6a3247930 with ID 25 created.

2022-03-24T19:31:12.854Z >> [FTP Session 25 127.0.0.1] AUTH TLS

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] securer(1) ENTERING state = 0

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] calling tls_layer_->set_certificate_file("C:\Windows\system32\config\systemprofile\AppData\Local\filezilla-server\certificates\cc4c3012da89d57f85610ff2c14d26483cf9352a4c0e4a0e8c2e9502299de874\key.pem", "C:\Windows\system32\config\systemprofile\AppData\Local\filezilla-server\certificates\cc4c3012da89d57f85610ff2c14d26483cf9352a4c0e4a0e8c2e9502299de874\cert.pem", "****")

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] securer(1) EXITING state = 1

2022-03-24T19:31:12.854Z << [FTP Session 25 127.0.0.1] 234 Using authentication type TLS.

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] ~securer(1) ENTERING state = 1

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] calling tls_layer_->set_alpn()

2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::server_handshake()

2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] ~securer(1) EXITING state = 2

2022-03-24T19:31:12.854Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::on_send()

2022-03-24T19:31:12.854Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()

2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::on_read()

2022-03-24T19:31:13.148Z VV [FTP Session 25 127.0.0.1] tls_layer_impl::continue_handshake()

2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] TLS handshakep: Received CLIENT HELLO

2022-03-24T19:31:13.148Z DD [FTP Session 25 127.0.0.1] tls_layer_impl::failure(-347)

2022-03-24T19:31:13.148Z !! [FTP Session 25 127.0.0.1] GnuTLS error -347: A connection with inappropriate fallback was attempted.

2022-03-24T19:31:13.148Z !! [FTP Session 25 127.0.0.1] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.

2022-03-24T19:31:13.149Z !! [FTP Server] Session 25 ended with error from source 0. Reason: ECONNABORTED - Connection aborted.

2022-03-24T19:31:13.149Z II [FTP Session 25 127.0.0.1] Session 0x1d6a3247930 with ID 25 destroyed.

-347: A connection with inappropriate fallback was attempted. seems to be the problem here.  The server is at minimum TLS 1.2 and the client is using all possible cipher methods. 

1 Answer

0 votes
by (8.1k points)

In the latest version of Filezilla the default self-signed certificate has been changed to ECDSA (instead of RSA). The solution is install a new RSA self-signed certificate into Filezilla which would then allow you to connect.

by (160 points)
Thank you. What if this cannot be done (I don't own the server). Other clients (Total commander, for example) don't have that problem.
by (8.1k points)
What version of our client are you currently running? Our development team is currently working on including this  ECDSA certificate fix in a forthcoming release.
by (160 points)
Still on 9.8, but tested with 10.1 (demo) and same thing.

Categories

...