Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using FtpEncryptionMode.Auto fails on FileZilla Server #1686

Open
kenkendk opened this issue Dec 4, 2024 · 3 comments
Open

Using FtpEncryptionMode.Auto fails on FileZilla Server #1686

kenkendk opened this issue Dec 4, 2024 · 3 comments
Labels
insufficient info possible bug response requested workaround

Comments

@kenkendk
Copy link

kenkendk commented Dec 4, 2024

FTP Server OS: Windows

FTP Server Type: FileZilla 1.9.4 with Explicit TLS

Client Computer OS: Windows

FluentFTP Version: 50.1.0

Framework: .NET 8

When connecting to the server, using AsyncFtpClient and FtpEncryptionMode.Auto, it fails with the error:

Please call Connect() before trying to read the Capabilities!

Changing to FtpEncryptionMode.Explicit works fine.

Problem seems to be that the FTP server does not allow the initial USER command gives an error 503 that is not recognized by FluentFTP.
Not sure about compatibility with other server, but I would think that issuing the AUTH command as the first command would be the correct way to probe for TLS support.

Server Logs :

When using the Auto setting, this is the server interaction:

FTP Session 77777 X.X.X.X [Response] 220-FileZilla Server 1.9.4
FTP Session 77777 X.X.X.X [Response] 220 Please visit https://filezilla-project.org/
FTP Session 77777 X.X.X.X [Command] USER Username
FTP Session 77777 X.X.X.X [Response] 503 Use AUTH first.
FTP Session 77777 X.X.X.X [Command] QUIT
@FanDjango FanDjango added the bug label Dec 6, 2024
@FanDjango
Copy link
Collaborator

I would think that issuing the AUTH command as the first command would be the correct way to probe for TLS support

Yes, I think you are right.

@FanDjango FanDjango mentioned this issue Dec 31, 2024
Closed
@FanDjango
Copy link
Collaborator

FanDjango commented Jan 2, 2025
edited
Loading

I have set up FileZilla Server 1.9.4, for IMPLICIT TLS. (See below for EXPLICIT TLS)

Using this:

			await using var client = new AsyncFtpClient("127.0.0.1", "bla", "bla");
			client.Config.EncryptionMode = FtpEncryptionMode.Auto;
			client.Config.DataConnectionType = FtpDataConnectionType.PASV;
			client.Config.DownloadDataType = FtpDataType.Binary;
			client.Config.ValidateAnyCertificate = true;
			client.Config.Noop = false;
			client.Config.NoopInterval = 750;
			client.Config.NoopTestConnectivity = false;

			client.Config.Navigate = FtpNavigate.SemiAuto;

			client.LegacyLogger = FTPLogEvent;

			await client.AutoConnect();

			await client.Disconnect();

I have successfully connected.
In this scenario, TLS is active "implicitly" be port number at connection.
Here is the log:

>         AutoConnect()
>         AutoDetect(CloneConnection = False, FirstOnly = True, IncludeImplicit = True, AbortOnTimeout = True, RequireEncryption = False, ProtocolPriority = [Tls11, Tls12])
Status:   Auto-Detect trying encryption mode "Auto" with "Tls11, Tls12"
>         Connect(False)
Status:   FluentFTP 52.0.0.0(.NET 5.0) AsyncFtpClient
Status:   Connecting(async) AsyncFtpClient.FtpSocketStream(control) IP #1 = ***:21
>         Disconnect()
Status:   Connection already closed, nothing to do.
Status:   Auto-Detect trying encryption mode "None"
>         Connect(False)
Status:   FluentFTP 52.0.0.0(.NET 5.0) AsyncFtpClient
Status:   Connecting(async) AsyncFtpClient.FtpSocketStream(control) IP #1 = ***:21
>         Disconnect()
Status:   Connection already closed, nothing to do.
Status:   Auto-Detect trying encryption mode "Implicit" with "Tls11, Tls12"
>         Connect(False)
Status:   FluentFTP 52.0.0.0(.NET 5.0) AsyncFtpClient
Status:   Connecting(async) AsyncFtpClient.FtpSocketStream(control) IP #1 = ***:990
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 44550, 255) [36ms]
Status:   Waiting for a response
Response: 220-FileZilla Server 1.9.4
Response: 220-Please visit https://filezilla-project.org/
Response: 220 Welcome to the AnSyNova FileZilla FTP Server [739252,463d]
Status:   Detected FTP server: FileZilla
Command:  USER ***
Status:   Waiting for response to: USER ***
Response: 331 Please, specify the password. [1ms]
Command:  PASS ***
Status:   Waiting for response to: PASS ***
Response: 230 Login successful. [9ms]
Command:  PBSZ 0
Status:   Waiting for response to: PBSZ 0
Response: 200 PBSZ=0 [<1ms]
Command:  PROT P
Status:   Waiting for response to: PROT P
Response: 200 Protection level set to P [<1ms]
Command:  FEAT
Status:   Waiting for response to: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: MLST type*;size*;modify*;perm*;
Response: MLSD
Response: AUTH SSL
Response: AUTH TLS
Response: PROT
Response: PBSZ
Response: UTF8
Response: TVFS
Response: EPSV
Response: EPRT
Response: MFMT
Response: 211 End [1ms]

Without some detailed information, such as I have posted here as an example, it isn't really possible to help you.

Please call Connect() before trying to read the Capabilities!

This is not an error message that is in any way connected to the problem you describe up top. It belongs to another one of the issues you have opened. They are all mixed up.

@FanDjango
Copy link
Collaborator

And here is the sequence of event with FileZilla set up for EXPLICIT TLS (using the same code above):

This is the scenario where the AUTH is explicitly requesting TLS before credentials are passed.

>         AutoConnect()
>         AutoDetect(CloneConnection = False, FirstOnly = True, IncludeImplicit = True, AbortOnTimeout = True, RequireEncryption = False, ProtocolPriority = [Tls11, Tls12])
Status:   Auto-Detect trying encryption mode "Auto" with "Tls11, Tls12"
>         Connect(False)
Status:   FluentFTP 52.0.0.0(.NET 5.0) AsyncFtpClient
Status:   Connecting(async) AsyncFtpClient.FtpSocketStream(control) IP #1 = ***:21
Status:   Waiting for a response
Response: 220-FileZilla Server 1.9.4
Response: 220-Please visit https://filezilla-project.org/
Response: 220 Welcome to the AnSyNova FileZilla FTP Server [739253,417d]
Status:   Detected FTP server: FileZilla
Command:  AUTH TLS
Status:   Waiting for response to: AUTH TLS
Response: 234 Using authentication type TLS. [11ms]
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 44550, 255) [45ms]
Command:  USER ***
Status:   Waiting for response to: USER ***
Response: 331 Please, specify the password. [1ms]
Command:  PASS ***
Status:   Waiting for response to: PASS ***
Response: 230 Login successful. [9ms]
Command:  PBSZ 0
Status:   Waiting for response to: PBSZ 0
Response: 200 PBSZ=0 [<1ms]
Command:  PROT P
Status:   Waiting for response to: PROT P
Response: 200 Protection level set to P [<1ms]
Command:  FEAT
Status:   Waiting for response to: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: MLST type*;size*;modify*;perm*;
Response: MLSD
Response: AUTH SSL
Response: AUTH TLS
Response: PROT
Response: PBSZ
Response: UTF8
Response: TVFS
Response: EPSV
Response: EPRT
Response: MFMT
Response: 211 End [1ms]

Really hard to say how you managed to produce that log excerpt of yours.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
insufficient info possible bug response requested workaround
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kenkendk @FanDjango