SSL/TLS failures after successful initial connection

silentuser

2009-08-17 14:15:06

Excerpt from the log:

[15:40:04] SmartFTP v3.0.1035.0
[15:40:06] Ermittle IP zu Hostnamen xxxxxxx.xxxxxx.xx
[15:40:06] Verbindung mit 89.110.xxx.xx Port: 21
[15:40:06] Verbunden mit xxxxxxx.xxxxxx.xx.
[15:40:06] 220 (vsFTPd 2.0.5)
[15:40:06] AUTH TLS
[15:40:06] 234 Proceed with negotiation.
[15:40:06] Verbunden. Chiffrierungsschlüsselaustausch...
[15:40:06] Sitzungsverschlüsselung: 168 Bit 3DES
[15:40:06] TLS verschlüsselte Sitzung hergestellt.
[15:40:06] Befehls- Kanalschutz geändert in Gesichert.
[15:40:06] PBSZ 0
[15:40:06] 200 PBSZ set to 0.
[15:40:06] USER web1
[15:40:06] 331 Please specify the password.
[15:40:06] PASS (unsichtbar)
[15:40:06] 230 Login successful.
[15:40:06] SYST
[15:40:07] 215 UNIX Type: L8
[15:40:07] Erkannter Servertyp: UNIX
[15:40:07] RTT: 42.544 ms
[15:40:07] FEAT
[15:40:07] 211-Features:
[15:40:07] AUTH SSL
[15:40:07] AUTH TLS
[15:40:07] EPRT
[15:40:07] EPSV
[15:40:07] MDTM
[15:40:07] PASV
[15:40:07] PBSZ
[15:40:07] PROT
[15:40:07] REST STREAM
[15:40:07] SIZE
[15:40:07] TVFS
[15:40:07] 211 End
[15:40:07] PWD
[15:40:07] 257 "/"
[15:40:07] TYPE A
[15:40:07] 200 Switching to ASCII mode.
[15:40:07] PROT P
[15:40:07] 200 PROT now Private.
[15:40:07] PASV
[15:40:07] 227 Entering Passive Mode (89,110,xxx,xx,254,5)
[15:40:07] Öffne Datenverbindung zu 89.110.xxx.xx Port: 65029
[15:40:07] LIST -aLT
[15:40:07] Verbunden. Chiffrierungsschlüsselaustausch...
[15:40:07] 150 Here comes the directory listing.
[15:40:07] Sitzungsverschlüsselung: 168 Bit 3DES
[15:40:07] TLS verschlüsselte Sitzung hergestellt.
[15:40:07] SSL/TLS Netzwerkfehler.
[15:40:07] Ein Socketvorgang konnte nicht ausgeführt werden, da dem System Pufferspeicher fehlte oder eine Warteschlange voll war.
[15:40:08] 0 Byte übertragen. (0 Byte/s) (171 ms)
[15:40:08] 226 Directory send OK.
[15:40:38] NOOP
[15:40:38] 200 NOOP ok.
[15:41:08] NOOP
[15:41:08] 200 NOOP ok.

(end of log excerpt)

you might think, everything is ok, as the NOOP is responded according to the log.
but it is NOT ok, because I don't see any folders or files in the "remote environment".

I had this problem with v2 as well as with v3 now.
And: this problem sometimes occurs after transfer of some files was successful already.
when the error occurs, shutting down and launching again smartftp does not help.
mostly ist does not even help to restart the computer.

you might say now, it's a server error ... believe me, I have already asked the admins. No way...

Any idea/suggestions?

mb

2009-08-17 14:43:19

vsftpd has/had numerous bugs with TLS connection. Install the latest version vsftpd 2.2.0 and then try again.

silentuser

2009-08-17 20:28:14


vsftpd has/had numerous bugs with TLS connection. Install the latest version vsftpd 2.2.0 and then try again.

oh. okay. I just asked the server admins to consider doing this - thank you for this suggestion!

I must admit, I had also tried from a different computer... as far as this test ran, there seemed to be no problem.
and my project developer, who uses a different system (i believe with a different client software, but don't know which one) never reported me about such problems (though that would be a perfect excuse for him on being late in updating the project online ;-).

But we shall see, what the server admins will answer this time... :-)

by the way ... I updated to 3.0.1037, and now i can switch the interface language back to EN, which was not possible in my previous 3.0.1035 setup ... there the language select form element was hidden behind other interface elements or was away for other unknown reason. the interesting thing now is, that the first of the two error lines as well as almost the whole log is in english now. with only one exception: "Ein Socketvorgang konnte nicht ausgeführt werden, da dem System Pufferspeicher fehlte oder eine Warteschlange voll war." is still in german... so does that message come from the operating system? or from smartftp? is this relevant?

mb

2009-08-17 20:32:00

The problem might also be with a buggy software firewall / antivirus product that is installed on your system. Uninstall them and try again.

silentuser

2009-08-17 21:17:39

mmmmmmmhhhh .... I have feared so much to hear this :]

but sounds logic, of course.
I remember I even once uninstalled my av/fw combo product, and suddenly it worked,
BUT afte re-installing the combo software it worked as well. for a few sessions at least...
(that was when I gave up with v2.x and tried the 3.x, which after some weeks suddenly told me that my license does not fit, hiding all my ftp passwords, oh what fun!, which made me renew the maintenance period...)

at least my problem is not a wide-spread one which I was only too lazy to find in this forum

well my av/fw combo software license will expire anyway next month.
I will use that opportunity to check again whether there is a coincidence.
IF the server admins will not have indeed found a bug in the server/vsftpd by the time...

mb

2009-08-17 21:19:40

Try to disable the software firewall / antivirus product first. This helps sometimes.

If you have Windows Vista or higher installed there is no need for an additional software firewall product.

silentuser

2009-08-17 21:33:26

yes I just tried disabling the fw ... but the FTP over TLS/SSL problem persists.

it is NIS2009 on an old fashioned winXP HE 32bit. (visually styled to win98-like )

but indeed the fw logs "an instance of c:\prog...\SmartFTP Client\SmartFTP.exe is about to access on the internet. status: detected. recommended action: no action required." (translated from german...).

have now changed some "program access" configuration in the firewall for smartftp.exe from "automatic" into "allow" ... but helpless, too.

what a pity.

mb

2009-08-17 21:40:19

In some versions of NIS you had to disable some hidden [x] worm protection setting.

silentuser

2009-08-17 21:43:36


In some versions of NIS you had to disable some hidden [x] worm protection setting.

*interrupting searching NIS support resources / contacting live support and starting checking this*

update 1: found "rare protocols", but this does not offe ftp over ssl/tls. found "automatic application controlling", but this even warns me that if it is deactivated then important applications might be blocked... "do you really want to switch this featore off?" no I don't in this case :]

*checking for further options*

silentuser

2009-08-17 21:57:46

worm protection?

I remember from other users that this is/was part of NAV and acted "like" a firewall???

yet I did not find it in NIS2009... *continuing checking*

silentuser

2009-08-17 22:08:41

giving up on searching the NIS config. as the symantec support has no business hours now, I regoogle the problem ... and find my own thread here

mb

2009-08-17 22:09:07

You are probably right. I probably meant NAV and not NIS ;-)

Why don't you uninstall NIS2009 temporary?

Regards,
Mat

silentuser

2009-08-17 22:30:02

just returning from uninstalling NIS2009, rebooting XP, engaging winXP firewall for network adapter in use. launching smartFTP and clicking around there ... and hate to say that now it works fine ... will test it a few more minutes ... but my gf is already complaining about me not joining the bed... so this is my last post for tonight ... good night and sleep well everybody! :-)