FTPS doesn't work with clients such as FileZilla

Bug #254905 reported by Andrzej Zadrożny on 2008-08-05
20
Affects Status Importance Assigned to Milestone
vsftpd (Ubuntu)
Medium
Adrien Cunin
Hardy
Medium
Adrien Cunin

Bug Description

Binary package hint: vsftpd

In FileZilla ftp Client when connecting to vsftpd 2.0.6 server with explicit TLS/SSL on HardyHeron:

Status: Server did not properly shut down TLS connection
Błąd: Could not read from transfer socket: ECONNABORTED - Connection aborted

On filezilla forum http://forum.filezilla-project.org/viewtopic.php?p=26923#p26923

In release notice of vsftpd-2.0.7 http://vsftpd.beasts.org/ there is information about bugfix.

Pleas rebuild new version of vsftpd in HardyHeron

-- SRU

1) Explanation, rationale, and everything.
This is bug is fixed in intrepid as it is fixed in vsftpd 2.0.7.
It is a problem in the SSL connection shutdown code, which doesn't follow the standard. Clients such as recent FileZilla which decided to enforce SSL connections to be properly closed (because it is otherwise a security risk) now do not work with vsftpd 2.0.6 and other broken FTP servers. That means this bug potentially affects any standard-compliant client.
The person who fixed that bug in Fedora gave me their patch, which I applied. It is basically what was changed in 2.0.7 ssl code, modulo other changes we don't want in this SRU as they are not useful for fixing this bug.

2) TEST CASE: Install vsftpd and configure it with ssl (certificate, ssl_enable=yes), try connecting to it with a recent version of FileZilla (eg. the one in intrepid) using ftpes://your_server and see it fails with a message explaining the ssl shutdown problem. Now install the proposed vsftpd package, you should be able to connect and download/upload etc.

Mihai Chezan (mihai-chezan) wrote :

I have the same problem, peoples can't connect to my vsftp server anymore since they upgraded to the latest version of FileZilla client.
It would be nice if you could rebuild a new version using the 2.0.7 release of vsftp.
Thank you.

hux (mattsg) wrote :

Same here. After further investigation, it seems that the Filezilla devs have decided to implement (rather pedantically, imo) something that is part of the official TLS standard, but is rarely implemented by FTP server applications. As a result, anyone who keeps up to date with Filezilla will no longer be able to log in to vsftpd servers on Ubuntu that require TLS.

vsftpd-2.0.7 fixes this problem, so it would be *really* good if it could be backported to Hardy. :)

Adrien Cunin (adri2000) on 2008-09-13
Changed in vsftpd:
assignee: nobody → adri2000
importance: Undecided → Medium
status: New → Confirmed
Adrien Cunin (adri2000) on 2008-09-13
Changed in vsftpd:
assignee: nobody → adri2000
importance: Undecided → Medium
status: New → Confirmed
Adrien Cunin (adri2000) on 2008-09-16
Changed in vsftpd:
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vsftpd - 2.0.7-0ubuntu1

---------------
vsftpd (2.0.7-0ubuntu1) intrepid; urgency=low

  * New upstream release
     - Fixes SSL shutdown bug (LP: #254905)

 -- Adrien Cunin <email address hidden> Tue, 16 Sep 2008 19:20:32 +0200

Changed in vsftpd:
status: In Progress → Fix Released
Adrien Cunin (adri2000) wrote :

This is what I prepared for hardy-proposed, not uploaded yet.

description: updated
Changed in vsftpd:
status: Confirmed → In Progress
Adrien Cunin (adri2000) wrote :

Uploaded now.

Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in vsftpd:
status: In Progress → Fix Committed
beauval (niconiconico007) wrote :

That is working very well with filezilla 3.1.3.1(& still 3.0.7.1) to vsftpd_2.0.6-1ubuntu1.1 with no problem

Mihai Chezan (mihai-chezan) wrote :

I've also tested (2.0.6-1ubuntu1.1) it and it works now.
Clients tested: FileZilla 3.1.3.1 (new one) and FileZilla 3.0.7.1 (old one).
Thank you for fixing this.

hux (mattsg) wrote :

I've installed 2.0.6-1ubuntu1.1 and have been testing it today with Filezilla 3.1.3.1 on WinXP. Everything looks good so far.

Thanks so much for fixing this. You rock! :)

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in vsftpd:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments