GnuTLS error when connecting over FTPS with Filezilla
Closed, ResolvedPublic

Description

Hello there,

After FileZilla update (3.39.0), it is impossible to connect over FTPS which yields

GnuTLS error -50 in gnutls_priority_set_direct: The request is invalid.
Failed to initialize TLS.
File transfer failed

With some investigation online, I found the issue was reported and closed by FileZilla here and here because it was supposed to be fixed in latest stable version (here 3.39).

GnuTLS package version is the following.

libgnutls30/green,now 3.6.5-2 amd64  [installed]
  GNU TLS library - main runtime library

Once again, it should have been fixed with the last stable version (3.6.5-2) according to their closed ticket here.

Is it something related to PureOS packaging?

Many thanks

Takuan created this task.Jan 24 2019, 10:20 AM

I don't think this is related to PureOS packaging because we tend not to change upstream Debian packages except where necessary. I'll take a closer look, but I don't really understand the key issue. I see that libgnutls is going to change, but will that fix the problem? It appears they're only going to turn it into a no-op, so won't we need a new FileZilla that brings back in the functionality somehow? What about other protocols like SFTP (or is that the same as FTPS?) or SCP?

Thank you for your reply.
I don't know for SFTP (SSH File Transfer Protocol) because my hosting plan doesn't include this option so I can't test it or use it. FTPS is different: this is FTP over TLS/SSL (so basically a secured regular FTP). I don't know SCP.
Yes I didn't catch all the implication of these GnuTLS/FileZilla issues and as you said I think this should be dealt with on the FileZilla side.
Should we raise this to FileZilla dev?

Okay, if your hosting plan does not offer SSH, then as you say SFTP (and also SCP which is secure copy and uses SSH for data transfer) won't work. SSH is likely more secure however if configured correctly but perhaps you have no control over the plan your ISP offers you.

I think reaching out to the FileZilla folks will help, or looking at Debian's bug tracker to see if there are changes in Debian that we inherit in PureOS. In fact, I can see the Debian changelog states there are TLS related bug fixes coming into the testing suite so that should come into PureOS too; https://metadata.ftp-master.debian.org/changelogs/main/f/filezilla/filezilla_3.39.0-1_changelog

In fact it might already be in our repos; https://repo.pureos.net/pureos/pool/main/f/filezilla/

Seems you are on the right track in that the error message indicates FileZilla is requesting a feature unavailable in GnuTLS. The exact cause for you may not be same as the one addressed in the bugreorts you found - they might just be for similar kinds of issues.

It seems FileZilla 3.40 fixes yet another wrong linking with GnuTLS: https://filezilla-project.org/versions.php

PureOS generally use Debian testing packages, and Debian has not yet packaged FileZilla 3.40: https://tracker.debian.org/pkg/filezilla

You can help speed up processing by filing a bugreport in Debian, making them aware that the new 3.40 fixes a bug causing severe trouble for some users, you included (but be nice and mention that you use Debian only indirectly via the PureOS derivative): https://www.debian.org/Bugs/Reporting

jeremiah.foster triaged this task as "Normal" priority.Jan 30 2019, 3:41 PM
Takuan added a comment.Feb 2 2019, 8:02 PM

Alright thank you for your replies. In fact, there was an update of FileZilla today and it did fix this issue. I am able to connect again over FTPS.

jeremiah.foster closed this task as "Resolved".Feb 4 2019, 2:49 PM
jeremiah.foster claimed this task.

I'm glad to hear FTPS is working again. I'm going to close this issue for now.

Add Comment