I have a RHEL-based VSFTPD server running FTPS. I was using WinSCP to connect to the server with "TLS Explicit" and "Force IP Addr Pasv mode". WinSCP suddenly started throwing an error, and it has been doing so for the last two months. I am not sure whether it is a VSFTPD, OpenSSL or WinSCP issue.
Please! Please!! Help me.
WinSCP UI error
SSL3 alert write: fatal: protocol version
Disconnected from server
Could not retrieve directory listing
Switching to ASCII mode.
Error listing directory '/'.
My VSFTPD configuration is as follows:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
log_ftp_protocol=YES
require_ssl_reuse=NO
pasv_promiscuous=YES
pasv_min_port=40000
pasv_max_port=40010
ssl_ciphers=HIGH
debug_ssl=YES
vsftpd_log_file=/var/log/vsftpd.log
dual_log_enable=YES
anonymous_enable=no
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
The WinSCP Debug 2 log shows this:
. 2013-03-13 13:17:08.377 --------------------------------------------------------------------------
. 2013-03-13 13:17:08.377 WinSCP Version 5.1.4 (Build 3020) (OS 6.1.7601 Service Pack 1)
. 2013-03-13 13:17:08.377 Configuration: C:\testuser\tools\winscp514\WinSCP.ini
. 2013-03-13 13:17:08.377 Local account: skanda\testuseree
. 2013-03-13 13:17:08.377 Working directory: C:\testuser\tools\winscp514
. 2013-03-13 13:17:08.377 Command-line: "C:\testuser\tools\winscp514\WinSCP.exe"
. 2013-03-13 13:17:08.377 Time zone: Current: GMT+4, Standard: GMT+4, DST: GMT+5, DST Start: 30/12/1899, DST End: 30/12/1899
. 2013-03-13 13:17:08.377 Login time: Wednesday, March 13, 2013 1:17:08 PM
. 2013-03-13 13:17:08.377 --------------------------------------------------------------------------
. 2013-03-13 13:17:08.377 Session name: myftpuser@xx.xx.xx.xx (Stored session)
. 2013-03-13 13:17:08.377 Host name: xx.xx.xx.xx (Port: 21)
. 2013-03-13 13:17:08.377 User name: myftpuser (Password: Yes, Key file: No)
. 2013-03-13 13:17:08.377 Tunnel: No
. 2013-03-13 13:17:08.377 Transfer Protocol: FTP
. 2013-03-13 13:17:08.377 Ping type: C, Ping interval: 30 sec; Timeout: 30 sec
. 2013-03-13 13:17:08.377 Proxy: none
. 2013-03-13 13:17:08.377 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: +]
. 2013-03-13 13:17:08.377 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-03-13 13:17:08.377 Cache directory changes: Yes, Permanent: Yes
. 2013-03-13 13:17:08.377 DST mode: 1; Timezone offset: 4h 0m
. 2013-03-13 13:17:08.377 --------------------------------------------------------------------------
. 2013-03-13 13:17:08.377 Session upkeep
. 2013-03-13 13:17:08.471 Connecting to xx.xx.xx.xx ...
. 2013-03-13 13:17:08.471 m_pSslLayer changed state from 0 to 1
. 2013-03-13 13:17:08.471 m_pSslLayer changed state from 1 to 2
. 2013-03-13 13:17:08.471 m_pSslLayer changed state from 2 to 4
. 2013-03-13 13:17:08.533 Connected with xx.xx.xx.xx, negotiating SSL connection...
< 2013-03-13 13:17:08.533 220 (vsFTPd 2.2.2)
> 2013-03-13 13:17:08.533 AUTH TLS
< 2013-03-13 13:17:08.533 234 Proceed with negotiation.
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 read server hello A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 read server certificate A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 read server certificate request A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 read server done A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 write client certificate A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 write client key exchange A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 write change cipher spec A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 write finished A
. 2013-03-13 13:17:09.157 SSL_connect: SSLv3 flush data
. 2013-03-13 13:17:09.188 SSL_connect: SSLv3 read server session ticket A
. 2013-03-13 13:17:09.188 SSL_connect: SSLv3 read finished A
. 2013-03-13 13:17:09.188 Using TLSv1, cipher TLSv1/SSLv3: AES256-SHA, 1024 bit RSA
. 2013-03-13 13:17:09.220 SSL connection established. Waiting for welcome message...
> 2013-03-13 13:17:09.220 USER myftpuser
< 2013-03-13 13:17:09.220 331 Please specify the password.
> 2013-03-13 13:17:09.220 PASS *********
< 2013-03-13 13:17:09.298 230 Login successful.
> 2013-03-13 13:17:09.298 SYST
< 2013-03-13 13:17:09.329 215 UNIX Type: L8
> 2013-03-13 13:17:09.329 FEAT
< 2013-03-13 13:17:09.360 211-Features:
< 2013-03-13 13:17:09.360 AUTH SSL
< 2013-03-13 13:17:09.360 AUTH TLS
< 2013-03-13 13:17:09.391 EPRT
< 2013-03-13 13:17:09.391 EPSV
< 2013-03-13 13:17:09.391 MDTM
< 2013-03-13 13:17:09.391 PASV
< 2013-03-13 13:17:09.391 PBSZ
< 2013-03-13 13:17:09.391 PROT
< 2013-03-13 13:17:09.391 REST STREAM
< 2013-03-13 13:17:09.391 SIZE
< 2013-03-13 13:17:09.391 TVFS
< 2013-03-13 13:17:09.391 UTF8
< 2013-03-13 13:17:09.391 211 End
> 2013-03-13 13:17:09.391 OPTS UTF8 ON
< 2013-03-13 13:17:09.422 200 Always in UTF8 mode.
> 2013-03-13 13:17:09.422 PBSZ 0
< 2013-03-13 13:17:09.454 200 PBSZ set to 0.
> 2013-03-13 13:17:09.454 PROT P
< 2013-03-13 13:17:09.469 200 PROT now Private.
. 2013-03-13 13:17:09.532 Connected
. 2013-03-13 13:17:09.532 Got reply 1 to the command 1
. 2013-03-13 13:17:09.532 --------------------------------------------------------------------------
. 2013-03-13 13:17:09.532 Using FTP protocol.
. 2013-03-13 13:17:09.532 Doing startup conversation with host.
> 2013-03-13 13:17:09.594 PWD
< 2013-03-13 13:17:09.610 257 "/"
. 2013-03-13 13:17:09.610 Got reply 1 to the command 16
. 2013-03-13 13:17:09.656 Getting current directory name.
. 2013-03-13 13:17:09.844 Retrieving directory listing...
> 2013-03-13 13:17:09.844 TYPE A
< 2013-03-13 13:17:09.844 200 Switching to ASCII mode.
> 2013-03-13 13:17:09.844 PASV
. 2013-03-13 13:17:09.844 SSL3 alert write: fatal: protocol version
. 2013-03-13 13:17:09.844 Disconnected from server
. 2013-03-13 13:17:09.844 Could not retrieve directory listing
. 2013-03-13 13:17:09.844 Got reply 1004 to the command 2
. 2013-03-13 13:17:09.968 Connecting to xx.xx.xx.xx ...
. 2013-03-13 13:17:09.968 m_pSslLayer changed state from 0 to 1
. 2013-03-13 13:17:09.968 m_pSslLayer changed state from 1 to 2
. 2013-03-13 13:17:09.968 m_pSslLayer changed state from 2 to 4
. 2013-03-13 13:17:10.031 Connected with xx.xx.xx.xx, negotiating SSL connection...
< 2013-03-13 13:17:10.031 220 (vsFTPd 2.2.2)
> 2013-03-13 13:17:10.031 AUTH TLS
< 2013-03-13 13:17:10.031 234 Proceed with negotiation.
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 read server hello A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 read server certificate A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 read server certificate request A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 read server done A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 write client certificate A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 write client key exchange A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 write change cipher spec A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 write finished A
. 2013-03-13 13:17:10.031 SSL_connect: SSLv3 flush data
. 2013-03-13 13:17:10.046 SSL_connect: SSLv3 read server session ticket A
. 2013-03-13 13:17:10.046 SSL_connect: SSLv3 read finished A
. 2013-03-13 13:17:10.046 Using TLSv1, cipher TLSv1/SSLv3: AES256-SHA, 1024 bit RSA
. 2013-03-13 13:17:10.093 SSL connection established. Waiting for welcome message...
> 2013-03-13 13:17:10.093 USER myftpuser
< 2013-03-13 13:17:10.093 331 Please specify the password.
> 2013-03-13 13:17:10.093 PASS *********
< 2013-03-13 13:17:10.171 230 Login successful.
> 2013-03-13 13:17:10.171 SYST
< 2013-03-13 13:17:10.218 215 UNIX Type: L8
> 2013-03-13 13:17:10.218 FEAT
< 2013-03-13 13:17:10.249 211-Features:
< 2013-03-13 13:17:10.249 AUTH SSL
< 2013-03-13 13:17:10.249 AUTH TLS
< 2013-03-13 13:17:10.249 EPRT
< 2013-03-13 13:17:10.249 EPSV
< 2013-03-13 13:17:10.265 MDTM
< 2013-03-13 13:17:10.265 PASV
< 2013-03-13 13:17:10.265 PBSZ
< 2013-03-13 13:17:10.265 PROT
< 2013-03-13 13:17:10.265 REST STREAM
< 2013-03-13 13:17:10.265 SIZE
< 2013-03-13 13:17:10.265 TVFS
< 2013-03-13 13:17:10.280 UTF8
< 2013-03-13 13:17:10.280 211 End
> 2013-03-13 13:17:10.280 OPTS UTF8 ON
< 2013-03-13 13:17:10.296 200 Always in UTF8 mode.
> 2013-03-13 13:17:10.296 PBSZ 0
< 2013-03-13 13:17:10.327 200 PBSZ set to 0.
> 2013-03-13 13:17:10.327 PROT P
< 2013-03-13 13:17:10.358 200 PROT now Private.
. 2013-03-13 13:17:10.405 Connected
. 2013-03-13 13:17:10.405 Got reply 1 to the command 1
. 2013-03-13 13:17:10.405 Doing startup conversation with host.
> 2013-03-13 13:17:10.468 PWD
< 2013-03-13 13:17:10.499 257 "/"
. 2013-03-13 13:17:10.499 Got reply 1 to the command 16
. 2013-03-13 13:17:10.530 Changing directory to "/".
> 2013-03-13 13:17:10.530 CWD /
< 2013-03-13 13:17:10.561 250 Directory successfully changed.
. 2013-03-13 13:17:10.561 Got reply 1 to the command 16
. 2013-03-13 13:17:10.561 Getting current directory name.
> 2013-03-13 13:17:10.561 PWD
< 2013-03-13 13:17:10.592 257 "/"
. 2013-03-13 13:17:10.592 Got reply 1 to the command 16
. 2013-03-13 13:17:10.655 Startup conversation with host finished.
. 2013-03-13 13:17:10.873 Retrieving directory listing...
> 2013-03-13 13:17:10.873 TYPE A
< 2013-03-13 13:17:10.873 200 Switching to ASCII mode.
> 2013-03-13 13:17:10.873 PASV
. 2013-03-13 13:17:10.873 SSL3 alert write: fatal: protocol version
. 2013-03-13 13:17:10.873 Disconnected from server
. 2013-03-13 13:17:10.873 Could not retrieve directory listing
. 2013-03-13 13:17:10.873 Got reply 1004 to the command 2
* 2013-03-13 13:17:11.092 (EFatal) Lost connection.
* 2013-03-13 13:17:11.092 SSL3 alert write: fatal: protocol version
* 2013-03-13 13:17:11.092 Disconnected from server
* 2013-03-13 13:17:11.092 Could not retrieve directory listing
* 2013-03-13 13:17:11.092 Switching to ASCII mode.
* 2013-03-13 13:17:11.092 Error listing directory '/'.
OpenSSL connect on the RHEL VSFTPD server:
[root@MY_SERVER vsftpd]# openssl s_client -connect xx.xx.xx.xx:21 -state -debug -tls1 -msg
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x959b9b0 [0x95e104b] (113 bytes => 113 (0x71))
0000 - 16 03 01 00 6c 01 00 00-68 03 01 51 40 7e b4 0a ....l...h..Q@~..
0010 - d5 df 03 3d 9d f7 de b2-a4 43 36 8c 18 af 3d 25 ...=.....C6...=%
0020 - 22 93 e2 70 a5 8f 02 65-6f 23 a1 00 00 3a 00 39 "..p...eo#...:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96 .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11 .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23 ..............#
0071 - <SPACES/NULS>
>>> TLS 1.0 Handshake [length 006c], ClientHello
01 00 00 68 03 01 51 40 7e b4 0a d5 df 03 3d 9d
f7 de b2 a4 43 36 8c 18 af 3d 25 22 93 e2 70 a5
8f 02 65 6f 23 a1 00 00 3a 00 39 00 38 00 88 00
87 00 35 00 84 00 16 00 13 00 0a 00 33 00 32 00
9a 00 99 00 45 00 44 00 2f 00 96 00 41 00 05 00
04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
03 00 ff 02 01 00 00 04 00 23 00 00
SSL_connect:SSLv3 write client hello A
read from 0x959b9b0 [0x95dcafb] (5 bytes => 5 (0x5))
0000 - 32 32 30 20 28 220 (
write to 0x959b9b0 [0x95e6508] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 46 ......F
>>> TLS 1.0 Alert [length 0002], fatal protocol_version
02 46
SSL3 alert write:fatal:protocol version
SSL_connect:error in SSLv3 read server hello A
3079272172:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:338:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1363181236
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
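
Added example, not part of the original post: a small decoder for the two short records in the s_client trace above. It shows that the 5 bytes read from the server are the ASCII start of the "220 (vsFTPd ...)" banner rather than a TLS record, which is what a bare ClientHello gets on an explicit-FTPS port before AUTH TLS has been sent (s_client's `-starttls ftp` option sends it first), and that the 7 bytes written back are the fatal protocol_version alert. Function and constant names are hypothetical; the byte strings are copied from the trace.

```python
import struct

# Bytes copied from the s_client trace on this page.
SERVER_FIRST_BYTES = bytes.fromhex("3232302028")   # "read from ... (5 bytes => 5)"
CLIENT_ALERT = bytes.fromhex("15030100020246")     # "write to ... (7 bytes => 7)"

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}


def parse_record_header(data):
    """Return (type_name, (major, minor), length), or None if the first
    five bytes are not a plausible SSLv3/TLS record header."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or minor > 4:
        return None
    return CONTENT_TYPES[ctype], (major, minor), length


def classify_first_bytes(data):
    """Tell a TLS record apart from a plaintext FTP reply line."""
    header = parse_record_header(data)
    if header:
        return "tls-record", header
    # FTP replies start with three ASCII digits, then a space or '-'.
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-ftp-reply", data.decode("ascii", "replace")
    return "unknown", data.hex()


def decode_alert(record):
    """Decode an unencrypted TLS alert record into (level, description)."""
    header = parse_record_header(record)
    if not header or header[0] != "alert" or header[2] != 2 or len(record) < 7:
        raise ValueError("not a cleartext TLS alert record")
    level, description = record[5], record[6]
    return (ALERT_LEVELS.get(level, level),
            ALERT_DESCRIPTIONS.get(description, description))


if __name__ == "__main__":
    print(classify_first_bytes(SERVER_FIRST_BYTES))
    print(decode_alert(CLIENT_ALERT))
```

Bytes 2 and 3 of the banner ("2" and "0", 0x32 0x30) sit where a TLS record carries its version field, which is why OpenSSL reports "wrong version number" for that read.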