EldoS | Feel safer!

Software components for data protection, secure storage and transfer

FileZilla and FTPS - GnuTLS error -12

Posted: 05/24/2011 08:02:26
by Nicklas Bergfeldt (Standard support level)
Joined: 12/04/2007
Posts: 19


Is there anything you can do on your side to accomodate the GnuTLS error received when using latest FileZilla and FTPS?

It works just fine with an older version (http://sourceforge.net/projects/filezilla/files/FileZilla_Client/, but I though that perhaps there is something that can be done on the server side to accomodate for this...

Best regards
Posted: 05/24/2011 08:16:42
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Try to disable TLS1.1 and TLS1.2, as GnuTLS does not support them correctly.
Posted: 05/24/2011 08:44:07
by Eugene Mayevski (Team)

Also I'd submit this as a bug to Filezilla developers, not to us: this is definitely their bug.

Sincerely yours
Eugene Mayevski
Posted: 04/21/2014 13:39:57
by Federico Simonetti (Premium support level)
Joined: 12/30/2006
Posts: 6

FileZilla used to use OpenSSL. After the "heartbleed" bug was discovered, they quickly moved to GnuTLS. Probably too quickly. Anyway... GnuTLS apparently breaks compatibility with all FTP servers that use SecureBlackbox as their SSL/TLS stack. Still, it's something to take very seriously, as FileZilla is the most widely adopted FTP(S) client in the world.
Obviously I have reported this to FileZilla's developer too, as he is the one who should address the issue (but, you know, when the mountain doesn't come to you, you have to go to the mountain...).
Posted: 04/21/2014 14:00:07
by Eugene Mayevski (Team)

They used GnuTLS for years.

Please upgrade to the latest version of SecureBlackbox - we made some improvements several months ago which improved compatibility with other software including those titles that use GnuTLS. But we can not fix third-party open-source stuff when it is broken. Neither we will break standard compliance in favor of buggy implementations.

Sincerely yours
Eugene Mayevski
Posted: 04/21/2014 14:27:19
by Federico Simonetti (Premium support level)
Joined: 12/30/2006
Posts: 6

I agree not to break standard, of course.
Yet, I regret to inform you that I AM ALREADY using the latest version of SecureBlackbox.
All FileZilla versions prior to 3.8.0 (their latest) used to work smoothly, the latest one keeps raising an exception (-24 decryption has failed).
It's OBVIOUSLY something THEY did. So in an ideal world it's something THEY should fix, and several users - not just me - have already reported the issue to them.
Yet, from your perspective, I think it is always useful to be informed of what is going on, and what has interoperational issues with your library.
Posted: 04/21/2014 15:05:14
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

At first glance at FileZilla changelogs they didn't change much in SSL/TLS stack, only some stuff related to TLS session resumption (maybe this is an issue?).
However, they also have messages in changelog like "Fix another stupid error in the same line as before." so it is really hard to guess what's going on on their side.



Topic viewed 11369 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!