Topic: FTP + TLS + Passive = Problem

koreb

« on: March 10, 2019, 13:50:29 »
Hello.
I tested this issue with two different FTP servers: vsftpd, proftpd.
The problem occurs each time, only if MultiCommander connects to FTP with TLS and passive mode.
Without passive it is OK.
The connection issue appears after:
MC sends command PASV
server answers: 227 Entering passive mode ....
MC sends LIST
MC log: = Opening data connection to IP <"server and passive port">
server answers: 150 ...
and after that... after some seconds ....
MC log: = Error reading secure data from the server. (Error : 10060)

Best regards

Mathias (Author)

« Reply #1 on: March 10, 2019, 17:18:17 »
It should work. I use it myself very often.
However, there are a lot of things that need to be correct for FTP to work. And all FTP servers have their own quirks.

Error 10060 is a socket timeout error. Might be a firewall issue. Might be a cipher error.


koreb

« Reply #2 on: March 11, 2019, 00:56:20 »
I checked TotalCommander, FileZilla and WinSCP (over FTP SSL); all connect with TLS in passive mode perfectly.
Server and client are both in one LAN. Iptables on the server is clear - no rules, all policies 'accept'.
(MC without PASV with TLS works perfectly; only passive+TLS is a problem.)
If you use this configuration often, can I ask: what server do you use?

Best regards

koreb

« Reply #3 on: March 15, 2019, 13:56:22 »
I've tested many configurations (other clients: FileZilla, WinSCP, TotalCmd; ftpd: vsftpd, proftpd; different physical servers, different LANs).
100% - not a NET problem or firewall - checked hard.
FTPD (proftpd, vsftpd) configured with only TLS connections allowed.
Other clients in combination with any ftpd work fine.
Previously I wrote that only PASSIVE doesn't work (passive is my target :)), but after many other tests (many, many) I can say the problem is in both active/passive.
MC works only with an old version of vsftpd (v.2). When the current version of any ftpd is installed, then there is a problem. The connection hangs after the command "LIST" (passive/active no matter, always after LIST).
Reading RFC 2228, I see that before sending "PROT" the client must send "PBSZ". MC doesn't do it. Maybe that is the problem.
(And one other problem: MC can't support "require ssl reuse", but it's not important - I can switch this off in the ftpd conf.)

Best regards.
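
The ordering cited above from RFC 2228 (PBSZ before PROT, and PROT P before any data command) can be checked mechanically against a client log. This is an added example, not part of the original thread and not Multi Commander code; the log lines are constructed in the format shown in this thread, and `check_ftps_sequence` is a hypothetical helper name.

```python
import re

# Log line shape used in this thread: "<date> <time> <dir> <text>",
# where dir is ">" (client sent), "<" (server reply) or "=" (client note).
LINE = re.compile(r"^\S+ \S+ ([<>=]) (.*)$")
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def check_ftps_sequence(log_text):
    """Return findings about AUTH/PBSZ/PROT ordering in the client's commands."""
    findings = []
    auth = pbsz = False
    prot = "C"  # RFC 4217: the data channel is Clear until PROT P is accepted
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != ">":
            continue  # only commands sent by the client are inspected
        parts = m.group(2).split()
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].upper() if len(parts) > 1 else ""
        if verb == "AUTH":
            # A new AUTH starts the security negotiation over (RFC 2228).
            auth, pbsz, prot = True, False, "C"
        elif verb == "PBSZ":
            if not auth:
                findings.append("PBSZ sent before AUTH")
            pbsz = True
        elif verb == "PROT":
            if not pbsz:
                # A compliant server answers 503, so the level is unchanged.
                findings.append("PROT sent without a preceding PBSZ")
            else:
                prot = arg
        elif verb in DATA_CMDS and auth and prot != "P":
            findings.append(f"{verb} sent with data channel protection '{prot}'")
    return findings

# Constructed sample logs (not captured from any real client or server).
GOOD_LOG = """2019-03-15 13:50:01 > AUTH TLS
2019-03-15 13:50:01 < 234 AUTH command OK.
2019-03-15 13:50:02 > PBSZ 0
2019-03-15 13:50:02 > PROT P
2019-03-15 13:50:02 > PASV
2019-03-15 13:50:02 > LIST"""
BAD_LOG = GOOD_LOG.replace("2019-03-15 13:50:02 > PBSZ 0\n", "")

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("bad", BAD_LOG)):
        print(name, check_ftps_sequence(log))
```
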

m3thos

« Reply #4 on: April 03, 2019, 10:28:16 »
Hi, I have a similar issue with a passive FTP connection. My work accesses it through a proxy, and using another port for FTP might be a problem if the application doesn't treat it correctly.
My FTP server uses another port (990) for authenticated users only, and 21 for anonymous access.

Please note that using FreeCommander I am able to connect to FTP using port 990, and it doesn't have proxy settings, or it might use the system settings by default.

So when I use port 990 I get this response:

2019-04-03 11:11:19 = Connection to site: ftp.xxxxx on port 990
2019-04-03 11:11:49 < = ** Timeout no repsonse from server **

With the default port I get a connection attempt .. but it still fails in the end .. since I need to be authenticated

2019-04-03 11:10:21 = Connection to site: ftp.xxxxxxxxxx on port 21
2019-04-03 11:10:21 < 220 Welcome public xxxxx server. Anonymous are welcome.
2019-04-03 11:10:21 > AUTH TLS
2019-04-03 11:10:21 < 234 AUTH command OK. Initializing SSL connection.
2019-04-03 11:10:21 = Connected using : TLS_RSA_WITH_RC4_128_SHA
2019-04-03 11:10:21 > USER xxxxxxx
2019-04-03 11:10:21 < 331 User name okay, need password.
2019-04-03 11:10:21 > PASS (hidden)
2019-04-03 11:10:21 < 530 Not logged in.
2019-04-03 11:10:21 = Command failed

Mathias (Author)

« Reply #5 on: April 03, 2019, 12:57:48 »
I don't think this is the same issue. That is not a timeout issue. The main issue here is some sort of compatibility issue that causes a timeout because Windows expects more data but the server does not.

I have not been able to recreate the main issue myself yet. It requires a lot of time to set up everything and such, and I have not had the time for that.