The patch you provided in fact solves the problem. It works fine again.
Thank you very much.
firstname.lastname@example.org (Yutaka Sato) wrote on 19.08.2008 10:34:37:
> In message <OF8F417BBA.3A21C746-ONC12574AA.0027F3C4-C12574AA.
> 0029B46A@telekurs.com> on 08/19/08(16:35:30)
> you email@example.com wrote:
> |We are using DeleGate as a ftp to ftps proxy. The setting used to work
> |*very well* (and therefore a big thank you for the author
> |of DeleGate). The problem is with Explicit and Implicit SSL/TLS. With
> |older version (3.0.11, which is before FileZilla security patch)
> |and DeleGate work like a charm. With new versions of FileZilla there is
> |problem however, which seems to be related to below issue (the snippet
> |from the FileZilla project's website http://filezilla-project.org)
> |2008-07-24 - Security Advisory
> |FileZilla 22.214.171.124 fixes a vulnerability regarding the way some errors
> |handled on SSL/TLS secured data transfers.
> |If the data connection of a transfer gets closed, FileZilla did not
> |if the server performed an orderly TLS shutdown.
> |An attacker could send spoofed FIN packets to the client. Even though
> |GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla
> |not record a transfer failure in all cases.
> |Unfortunately not all servers perform an orderly SSL/TLS shutdown.
> |this cannot be distinguished from an attack, FileZilla will not be
> |download listings or files from such servers.
> |Affected versions
> |All versions prior to 126.96.36.199 are affected. This vulnerability has
> |fixed in 188.8.131.52
> |The error returned by FileZilla points to the issue addressed in the
> |Security Advisory. The German text means
> |"Server did not shutdown TLS-Connection properly."
> |I am not sure whether this is an issue with SSLway or with DeleGate.
> |there a workaround for the described problem?
> |I would appreciate your answer and again, I think you do a great job!
> |09:15:43 Trace: CTlsSocket::OnRead()
> |09:15:43 Trace: CTlsSocket::OnSocketEvent(): close event
> |09:15:43 Trace: CTransferSocket::OnReceive(), m_transferMode=0
> |09:15:43 Trace: GnuTLS error -9: A TLS packet with unexpected
> |length was received.
> |09:15:43 Status: Server hat die TLS-Verbindung nicht
> |09:15:43 Fehler: Could not read from transfer socket:
> This seems the same problem I heard last night...
> If so, you might be able to solve it with the patch I posted in:
> And more detailed log output about SSL handling in DeleGate with
> "TLSCONF=-vd" option will be helpful to see what is going.
> 9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
> ( ~ ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
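
For checking a capture of the FTPS data connection against the behaviour the quoted advisory describes, the following added example (not from this thread, DeleGate or FileZilla) walks the TLS record headers sent by one side and reports whether an alert record preceded the close. It assumes pre-TLS 1.3 record framing, where the alert content type is visible on the wire; the alert body is encrypted, so it shows only that some alert was sent, not that it was close_notify. Function names and sample records are constructed for illustration.

```python
import struct

ALERT, APPLICATION_DATA = 21, 23
# change_cipher_spec, alert, handshake, application_data
VALID_TYPES = {20, 21, 22, 23}
HEADER_LEN = 5  # type (1) + version (2) + length (2)


def record(content_type, payload, version=(3, 1)):
    """Build one TLS record. Constructed test data: payload is opaque filler."""
    header = struct.pack("!BBBH", content_type, version[0], version[1], len(payload))
    return header + payload


def classify_stream_end(stream):
    """Classify how one direction of a captured TLS byte stream ended.

    alert-before-close   : last complete record is an alert (orderly shutdown
                           is possible; a fatal alert looks the same here)
    closed-without-alert : stream ended on a record boundary with no alert,
                           which a strict client treats as a failed transfer
    truncated-record     : stream ended in the middle of a record
    """
    pos, last_type = 0, None
    while pos < len(stream):
        if len(stream) - pos < HEADER_LEN:
            return "truncated-record"
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in VALID_TYPES or major != 3:
            return "not-tls"
        if len(stream) - pos - HEADER_LEN < length:
            return "truncated-record"
        pos += HEADER_LEN + length
        last_type = ctype
    if last_type is None:
        return "empty"
    return "alert-before-close" if last_type == ALERT else "closed-without-alert"


# Constructed samples: server-to-client bytes of a data connection after the handshake.
ORDERLY = record(APPLICATION_DATA, b"\x00" * 64) + record(ALERT, b"\x00" * 32)
ABRUPT = record(APPLICATION_DATA, b"\x00" * 64)
CUT = ORDERLY[:40]

if __name__ == "__main__":
    for name, sample in (("orderly", ORDERLY), ("abrupt", ABRUPT), ("cut", CUT)):
        print(name, classify_stream_end(sample))
```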