FileZilla Handshare Error

Mar 30, 2011 at 5:43 AM

Hi Everyone, 

I got an issue when use FTPS to connect to FTP Implicit / Passive mode.  The error message is "Handshake error due to unexpected packet format".  I can connect through FileZilla client.  I attached FileZilla log for your reference.

Please help

Thank you

Status: Connection established, initializing TLS...

Status: Verifying certificate...

Status: TLS/SSL connection established, waiting for welcome message...

Response: 220-FileZilla Server version 0.9.33 beta

Response: 220 Welcome to Synovate HK SSL/TLS FTP 2nd

Command: USER xxxxx

Response: 331 Password required for nwsgn

Command: PASS ******

Response: 230 Logged on

Command: SYST

Response: 215 UNIX emulated by FileZilla

Command: FEAT

Response: 211-Features:

Response: MDTM

Response: REST STREAM

Response: SIZE

Response: MLST type*;size*;modify*;

Response: MLSD

Response: AUTH SSL

Response: AUTH TLS

Response: UTF8

Response: CLNT

Response: MFMT

Response: 211 End

Command: PBSZ 0

Response: 200 PBSZ=0

Command: PROT P

Response: 200 Protection level set to P

Status: Connected

Status: Retrieving directory listing...

Command: PWD

Response: 257 "/" is current directory.

Command: TYPE I

Response: 200 Type set to I

Command: PASV

Response: 227 Entering Passive Mode (xx.xx.x.x.x.))

Command: MLSD

Response: 150 Connection accepted

Response: 226 Transfer OK

Status: Directory listing successful

 

Jul 4, 2011 at 10:01 AM

I'm getting the same thing with the Filezilla server.  I'm using the ftps client to make sure the library will do what I need before I start coding -

ftps -h localhost -U xxxx-P yyyy -l . -port 990 -ssl Implicit
...
Accept invalid server certificate? (Y/N) Y
Remote directory: .
ERROR: The handshake failed due to an unexpected packet format.

I have Filezilla set-up in a very standard basic way and the Filezilla client connects OK on port 990.

ftps connects fine using no ssl or using explicit ssl.

Not too much of an issue as ftps connects the real world ftp server.  I've no idea how that one is configured though I see from the welcome message that it's the same version of the Filezilla server that I'm using locally. (0.9.39 beta)

So I presume there's a setting somewhere in the Filezilla server that will resolve the issue - no idea where!

Coordinator
Jul 4, 2011 at 11:42 AM

Peter,

the FileZilla commands you posted before are in explicit FTPS mode (PBSZ 0 and PROT P), not implicit.

Try to use port 990 with explicit mode (e.g. CredentialsRequested).

 

Cheers,

Alessandro

 

 

 

Jul 4, 2011 at 12:04 PM

Hi Alex,

The log was from another poster, you can see in my ftps command line that I've put "-ssl Implicit".  This is my server log -

 

Logged on

(000023)04/07/2011 12:02:57 - (not logged in) (127.0.0.1)> Connected, sending welcome message...

(000023)04/07/2011 12:02:57 - (not logged in) (127.0.0.1)> 220-FileZilla Server version 0.9.39 beta

(000023)04/07/2011 12:02:57 - (not logged in) (127.0.0.1)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)

(000023)04/07/2011 12:02:57 - (not logged in) (127.0.0.1)> 220 Please visit http://sourceforge.net/projects/filezilla/

(000023)04/07/2011 12:02:57 - (not logged in) (127.0.0.1)> SSL connection established

(000023)04/07/2011 12:03:00 - (not logged in) (127.0.0.1)> USER VizeliaFtp

(000023)04/07/2011 12:03:00 - (not logged in) (127.0.0.1)> 331 Password required for vizeliaftp

(000023)04/07/2011 12:03:00 - (not logged in) (127.0.0.1)> PASS **********

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 230 Logged on

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> FEAT

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 211-Features:

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> MDTM

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> REST STREAM

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> SIZE

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> MLST type*;size*;modify*;

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> MLSD

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> AUTH SSL

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> AUTH TLS

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> PROT

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> PBSZ

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> UTF8

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> CLNT

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> MFMT

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 211 End

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> CLNT AlexFTPS

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 200 Don't care

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> OPTS UTF8 ON

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 200 UTF8 mode enabled

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> TYPE I

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 200 Type set to I

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> PASV

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,225,73)

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> LIST .

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 150 Connection accepted

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> 226 Transfer OK

(000023)04/07/2011 12:03:00 - vizeliaftp (127.0.0.1)> disconnected.

 

 Thanks.

Peter

 

Coordinator
Jul 4, 2011 at 12:14 PM

Ops! :-)

The current beta offers a logging feature, can you please post a log using the following syntax:

ftps -h localhost -U xxxx -P yyyy -l -port 990 -ssl Implicit -lf log.txt

 

Thanks,

Alessandro

Jul 4, 2011 at 12:22 PM

When I go to the beta release I get a slightly different message -

ERROR: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.

This is the log.txt (passwords changed)

220 FileZilla Server version 0.9.39 beta
written by Tim Kosse (Tim.Kosse@gmx.de)
Please visit http://sourceforge.net/projects/filezilla/
USER XXXX
331 Password required for xxxxftp
PASS YYYYY
230 Logged on
FEAT
211 Features:
MDTM
REST STREAM
SIZE
MLST type*;size*;modify*;
MLSD
AUTH SSL
AUTH TLS
PROT
PBSZ
UTF8
CLNT
MFMT
End
CLNT AlexFTPS
200 Don't care
OPTS UTF8 ON
200 UTF8 mode enabled
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (127,0,0,1,225,166)
LIST .
150 Connection accepted

Peter

Coordinator
Jul 4, 2011 at 12:29 PM

Peter,

ok everything is fine until the data connection is enstablished.

If you connect with FileZilla client everything works fine? Can you post a log for comparison?

 

Cheers,

Alessandro

Jul 4, 2011 at 12:51 PM

Sure - this is the server log when the Filezilla client connects -

(000027)04/07/2011 12:46:04 - (not logged in) (::1)> Connected, sending welcome message...
(000027)04/07/2011 12:46:04 - (not logged in) (::1)> 220-FileZilla Server version 0.9.39 beta
(000027)04/07/2011 12:46:04 - (not logged in) (::1)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000027)04/07/2011 12:46:04 - (not logged in) (::1)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000027)04/07/2011 12:46:04 - (not logged in) (::1)> SSL connection established
(000027)04/07/2011 12:46:08 - (not logged in) (::1)> USER
(000027)04/07/2011 12:46:08 - (not logged in) (::1)> 331 Password required for
(000027)04/07/2011 12:46:08 - (not logged in) (::1)> PASS **********
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 230 Logged on
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> SYST
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 215 UNIX emulated by FileZilla
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> FEAT
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 211-Features:
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  MDTM
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  REST STREAM
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  SIZE
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  MLST type*;size*;modify*;
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  MLSD
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  AUTH SSL
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  AUTH TLS
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  PROT
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  PBSZ
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  UTF8
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  CLNT
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)>  MFMT
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 211 End
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> PBSZ 0
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 200 PBSZ=0
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> PROT P
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 200 Protection level set to P
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> PWD
(000027)04/07/2011 12:46:08 - vizeliaftp (::1)> 257 "/" is current directory.
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> TYPE I
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> 200 Type set to I
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> EPSV
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> 229 Entering Extended Passive Mode (|||57862|)
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> MLSD
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> 150 Connection accepted
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> SSL connection for data connection established
(000027)04/07/2011 12:46:09 - vizeliaftp (::1)> 226 Transfer OK
(000027)04/07/2011 12:46:20 - vizeliaftp (::1)> disconnected.

Coordinator
Jul 4, 2011 at 1:00 PM

Peter,

your FileZila log includes PBSZ and PROT P commands, which means that you're using explicit FTPS.

Cheers,

Alessandro

Jul 4, 2011 at 1:43 PM
I double checked my settings and in the client it says "require implicit FTP over TLS". If I change it to "require explicit FTP over TLS" I get the following in the server log file -

000032)04/07/2011 13:41:23 - (not logged in) (::1)> Connected, sending welcome message...
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> 220-FileZilla Server version 0.9.39 beta
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> AUTH TLS
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> 502 SSL/TLS authentication not allowed
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> AUTH SSL
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> 502 SSL/TLS authentication not allowed
(000032)04/07/2011 13:41:23 - (not logged in) (::1)> disconnected.

On 4 July 2011 13:00, alexp <notifications@codeplex.com> wrote:

From: alexp

Peter,

your FileZila log includes PBSZ and PROT P commands, which means that you're using explicit FTPS.

Cheers,

Alessandro

Read the full discussion online.

To add a post to this discussion, reply to this email (ftps@discussions.codeplex.com)

To start a new discussion for this project, email ftps@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


Coordinator
Jul 4, 2011 at 3:41 PM

Peter,

I think we got the point. Your FileZilla log shows some explicit commands in an implicit scenario.

This is not too strange, considering that implicit FTPS is a non standard feature (only explicit FTPS is standard!).

Anyway, I updated the sources to support this behaviour.

Here's a custom build for you.

Can you please test it?

As usual please post the log file in case further investigation should be necessary.

 

Thanks,

Alessandro

Jul 4, 2011 at 3:50 PM
That's excellent - I've never had support like this before.

It now connects to my Filezilla FTP server on port 990. I even went back to the other beta just to make sure I'd not changed something on the server and that version does still fail.

Thanks!

On 4 July 2011 15:41, alexp <notifications@codeplex.com> wrote:

From: alexp

Peter,

I think we got the point. Your FileZilla log shows some explicit commands in an implicit scenario.

This is not too strange, considering that implicit FTPS is a non standard feature (only explicit FTPS is standard!).

Anyway, I updated the sources to support this behaviour.

Here's a custom build for you.

Can you please test it?

As usual please post the log file in case further investigation should be necessary.

Thanks,

Alessandro

Read the full discussion online.

To add a post to this discussion, reply to this email (ftps@discussions.codeplex.com)

To start a new discussion for this project, email ftps@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


Coordinator
Jul 4, 2011 at 3:54 PM

Great :-)

Thanks for testing!

Alessandro