[gnutls-devel] GnuTLS | Fail to retrieve directory listing connecting TLS 1.3 protocol (#1451)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Jan 31 17:35:18 CET 2023
Alla Gofman created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1451
## Description of problem:
Use the FileZilla FTPS client. Connect using the TLS 1.3 protocol.
Server based on Java 11 or higher.
The Java TLS implementation, on close, sends a "user_canceled" alert before sending "close_notify"
(for some backward compatibility).
GnuTLS fails to retrieve directory listing with error:
**tls_layer_impl::failure(-12)**
and FileZilla client aborts connection on this error.
According to https://www.rfc-editor.org/rfc/rfc8446#section-6.1:

> user_canceled: This alert notifies the recipient that the sender is
> canceling the handshake for some reason unrelated to a protocol
> failure. If a user cancels an operation after the handshake is
> complete, just closing the connection by sending a "close_notify"
> is more appropriate. This alert SHOULD be followed by a
> "close_notify". This alert generally has AlertLevel=warning.

** user_canceled - should be treated as a warning and not an error.
When gnutls_record_recv() is called, GnuTLS returns code:
| -12 | GNUTLS_E_FATAL_ALERT_RECEIVED | A TLS fatal alert has been received. |
instead of returning, for example,
| -16 | GNUTLS_E_WARNING_ALERT_RECEIVED | A TLS warning alert has been received. |
FileZilla client expects
| 0 | GNUTLS_E_SUCCESS | Success. |
Otherwise aborts connection.
Also opened a bug with FileZilla:
https://trac.filezilla-project.org/ticket/12099
## Version of gnutls used:
GnuTLS 3.6.7
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
## How reproducible:
Steps to Reproduce:
* Use a server based on Java v11 or higher. See https://mina.apache.org/ftpserver-project/
* Use the FileZilla FTPS client to connect to the above server with the TLS 1.3 protocol to retrieve a directory listing.
## Actual results:
FileZilla client aborts the connection
## Expected results:
List directory succeeded
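
The closure sequence described in this report, as an added example (not code from GnuTLS, FileZilla or the reporter): a receiver that classifies TLS 1.3 alerts by description, since RFC 8446 section 6 states that severity is implicit in the alert type and the level field can be ignored. The function name, result codes and sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Alert descriptions from RFC 8446 section 6. */
enum { ALERT_CLOSE_NOTIFY = 0, ALERT_USER_CANCELED = 90 };

/* Hypothetical result codes for this example (not GnuTLS error codes). */
typedef enum {
    CONN_CLEAN_EOF,   /* close_notify seen: orderly end of data */
    CONN_FATAL,       /* error alert: abort the connection */
    CONN_TRUNCATED    /* input ended without close_notify */
} conn_result;

/* Walk a sequence of decrypted TLS 1.3 alert payloads (2 bytes each:
 * level, description) and decide how the connection ended.
 * *ignored counts the user_canceled alerts that were skipped. */
conn_result process_alerts(const uint8_t *buf, size_t len, size_t *ignored)
{
    *ignored = 0;
    for (size_t off = 0; off + 2 <= len; off += 2) {
        uint8_t description = buf[off + 1]; /* buf[off] (level) is not consulted */
        switch (description) {
        case ALERT_CLOSE_NOTIFY:
            return CONN_CLEAN_EOF;
        case ALERT_USER_CANCELED:
            (*ignored)++;          /* closure alert: keep reading for close_notify */
            break;
        default:
            return CONN_FATAL;     /* every other or unknown alert is an error alert */
        }
    }
    return CONN_TRUNCATED;
}

/* Constructed sample: user_canceled(warning) then close_notify, as in the report. */
static const uint8_t java_close[] = { 1, 90,  1, 0 };
/* Constructed sample: user_canceled labelled fatal, then close_notify. */
static const uint8_t fatal_level_cancel[] = { 2, 90,  1, 0 };
/* Constructed sample: handshake_failure(40) sent with level=warning. */
static const uint8_t bad_level[] = { 1, 40 };
/* Constructed sample: user_canceled with no close_notify after it. */
static const uint8_t no_close[] = { 1, 90 };

int main(void)
{
    size_t n;
    return process_alerts(java_close, sizeof java_close, &n) == CONN_CLEAN_EOF ? 0 : 1;
}
```

Keeping the truncated case separate from the clean close matters for FTPS data connections, where a missing close_notify means the listing or file may have been cut short.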