Question: FTP upload Filezilla TLS error
1
odhardy • 10 wrote:
Hi, having issue uploading via Filezilla 3.27.0.1 windows: I receive the errors below after "retrieving directory listing..." GnuTLS error -110: The TLS connection was non-properly terminated. Status: Server did not properly shut down TLS connection Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
I verified settings related to new changes from July 19. I am using FTP + require FTP over TLS, i accepted the certificate that came up when first connecting, but I cannot connect. thanks for any assistance. Owen Hardy
ADD COMMENT
• link
•
modified 16 months ago
by
Jennifer Hillman Jackson ♦ 25k
•
written
16 months ago by
odhardy • 10
Hi Jen, I can connect at home on Filezilla + Mac. I cannot connect at work on Filezilla + windows 7 since changes were made to galaxy. I cannot resume any transfers as I cannot even connect at all--after adjusting encryption settings to require TLS and accepting the new certificate I get the error above. I can get a little further by changing transfer settings from default to active in Filezilla, but then it fails loading the directory. I CAN connect to other servers via filezilla on windows, galaxy is the only one I cannot connect to right now.
Require TLS + default transfer setting
Require TLS + active transfer setting
Please see this Q&A from this morning. In short, use Passive mode with Filezilla. The connection will still be handled in secure TLS mode. https://biostar.usegalaxy.org/p/24299/
HI Jen, Thanks for your reply however I'm not sure what you would have me do? If I use default settings then that produces connection refused error in the first place (default or passive, require TLS or use TLS when available none make a difference and already tried before reporting). Also, how do I avoid using MLSD command? I see no setting or preference relating to this.
I resolved this by using default settings with Filezilla (on a MAC).
If I instead try to adjust the settings, active mode is enabled (directly or indirectly), and Filezilla sends out a series of commands as a way to get the server's directory listing. This invokes the problematic command.
In short, use FTP in passive mode (the default) and do not change anything else related to TLS. This still produces a server directly listing and the security cert will still pop-up to be accepted. The transfer will be in TLS secure mode as that is the only connection type available and the Filezilla client will fall back to that usage (and report it in the log).
There haven't been other problems reported when using a PC and I haven't tested that out specifically. Try using defaults and let us know how that goes (it wasn't clear if you already tried that or not).
I updated the text help here to be more specific (the video uses a different example client and the Filezilla-specific issues with active FTP mode were not known at that time): https://galaxyproject.org/ftp-upload/#upload-from-client
And created a ticket for admin review here, just in case there is some other workaround: https://github.com/galaxyproject/galaxy/issues/4384
I've tested with both older versions of Filezilla and the latest release - passive FTP using defaults is what works on a MAC and I suspect on a PC as well.
example windows user with issue: https://biostar.usegalaxy.org/p/24242/ default everything on windows does NOT work. Passive does NOT work. On Mac yes I can connect fine. I have tried cyberduck, winSCP, Filezilla on windows 7. All fail in one of the two ways above. Also just tried different PC with windows 10 with fresh Filezilla install. Same issue.
Thanks for testing out the solution. I also asked the other user if default works for them (they tried under more than one OS - windows and linux-ubuntu). It is not clear if they used default settings.
Our team is looking into this but hasn't been able to reproduce the issue yet. It is possible that a firewall or other network situation is blocking the connection. The other user's error suggests that. But let's follow up and find out for certain what the problem is exactly and come up with a solution. More feedback soon.
I am having the same problem to connect to usegalaxy.org using etiher winSCP or Filezilla on Windows 10, but I used to connect using the same ftp clients some weeks ago, Now I also tried several Galaxy servers and it works.
Any suggestion will be welcome. Many thanks
Can you send me the IP address you're connecting from so I can check our logs? I suspect either the protocol (TLS 1.1+) or available ciphers are not compatible between client and server.
nate@bx.psu.edu
Hi Nate, 104.129.198.109
No hits in the logs, but as configured they are not very verbose.
Can you point your (passive mode) client at galaxy-web-06.galaxyproject.org port 30921? I've started up a debugging server there that should hopefully reveal the issue.
Yep that works, successfully connected and transferred file
But it fails if you make the same connection to the same host on port 21?
yes if I try main with any mode, port 21 I get the error below. I never get a successful directory listing so I cannot even begin file transfer...or maybe you meant the test server on 21. No that doesn't work either, just tried. Same error.
Sorry for not getting back to you - I suspect this is a firewall issue. Many firewalls do packet inspection and start dropping packets once the communication is encrypted in a protocol that it is expecting to be unencrypted.
For cases like this, I'm going to set up an implicit FTPS server on the standard ports 990 and 991, which most firewalls should happily ignore.