Hi Yutaka,

The patch you provided in fact solves the problem. It works fine again. Thank you very much.

Cheers,
Markus

feedback@delegate.org (Yutaka Sato) wrote on 19.08.2008 10:34:37:

> Hi,
>
> In message <OF8F417BBA.3A21C746-ONC12574AA.0027F3C4-C12574AA.
> 0029B46A@telekurs.com> on 08/19/08(16:35:30)
> you p5uhqbdyi-mxhgu46yokxw.ml@delegate.org wrote:
> |We are using DeleGate as a ftp to ftps proxy. The setting used to work
> |*very well* (and therefore a big thank you for the author
> |of DeleGate). The problem is with Explicit and Implicit SSL/TLS. With an
> |older version (3.0.11, which is before FileZilla security patch) FileZilla
> |and DeleGate work like a charm. With new versions of FileZilla there is a
> |problem however, which seems to be related to below issue (the snippet is
> |from the FileZilla project's website http://filezilla-project.org)
> |
> |
> |2008-07-24 - Security Advisory
> |FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are
> |handled on SSL/TLS secured data transfers.
> |If the data connection of a transfer gets closed, FileZilla did not check
> |if the server performed an orderly TLS shutdown.
> |Impact
> |An attacker could send spoofed FIN packets to the client. Even though
> |GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did
> |not record a transfer failure in all cases.
> |Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since
> |this cannot be distinguished from an attack, FileZilla will not be able to
> |download listings or files from such servers.
> |Affected versions
> |All versions prior to 3.1.0.1 are affected. This vulnerability has been
> |fixed in 3.1.0.1
> |
> |The error returned by FileZilla points to the issue addressed in the
> |Security Advisory. The German text means
> |"Server did not shutdown TLS-Connection properly."
> ...
> |I am not sure whether this is an issue with SSLway or with DeleGate. Is
> |there a workaround for the described problem?
> |I would appreciate your answer and again, I think you do a great job!
> ...
> |09:15:43 Trace: CTlsSocket::OnRead()
> |09:15:43 Trace: CTlsSocket::OnSocketEvent(): close event received
> |09:15:43 Trace: CTransferSocket::OnReceive(), m_transferMode=0
> |09:15:43 Trace: GnuTLS error -9: A TLS packet with unexpected
> |length was received.
> |09:15:43 Status: Server hat die TLS-Verbindung nicht ordnungsgemäß
> |geschlossen
> |09:15:43 Fehler: Could not read from transfer socket: ECONNABORTED
>
> This seems the same problem I heard last night...
> If so, you might be able to solve it with the patch I posted in:
> <URL:http://www.delegate.org/mail-lists/delegate-en/4076>
> And more detailed log output about SSL handling in DeleGate with
> "TLSCONF=-vd" option will be helpful to see what is going on.
>
> Cheers,
> Yutaka
> --
> 9 9 Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
> ( ~ ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
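
An added example (not part of the original messages, and not DeleGate or FileZilla code): a wire-level check for the condition the quoted advisory describes, walking the TLS records a server sent on the data connection before its TCP FIN and reporting whether the final record was an alert. The function names, result labels and sample bytes are constructed for illustration, and because alerts are encrypted after the handshake, an observer can only see that an alert record was sent, not confirm that it was close_notify.

```python
import struct

# TLS record content types (same values in TLS 1.0 through 1.2)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA)

def record(ctype: int, body: bytes, version: int = 0x0301) -> bytes:
    """Build one TLS record: type(1) | version(2) | length(2) | body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def classify_stream_end(stream: bytes) -> str:
    """Classify how a peer's TLS byte stream ended when its TCP FIN arrived."""
    if not stream:
        return "empty"
    offset, last_type = 0, None
    while offset < len(stream):
        header = stream[offset:offset + 5]
        if len(header) < 5:
            return "truncated-record"   # FIN arrived inside a record header
        ctype, _version, length = struct.unpack("!BHH", header)
        if ctype not in KNOWN_TYPES:
            return "not-tls"
        end = offset + 5 + length
        if end > len(stream):
            return "truncated-record"   # FIN arrived inside a record body
        last_type, offset = ctype, end
    # A final alert record is consistent with an orderly TLS shutdown.
    # Anything else is the case the advisory says a client cannot tell
    # apart from a spoofed FIN, so it must be treated as a failed transfer.
    return "alert-last" if last_type == ALERT else "no-alert"

# Constructed sample records (zero-filled bodies stand in for ciphertext).
APP = record(APPLICATION_DATA, bytes(32))
ENC_ALERT = record(ALERT, bytes(24))

if __name__ == "__main__":
    samples = {
        "orderly shutdown": APP + ENC_ALERT,
        "closed without alert": APP + APP,
        "cut mid-record": APP + APP[:20],
    }
    for name, stream in samples.items():
        print(f"{name}: {classify_stream_end(stream)}")
```
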