I discovered a bug using rclone to sync some data over to a pyftpdlib-based application. Essentially, if TLS 1.3 is used, most uploads will randomly get truncated near the end.
For example, if we try uploading a file that is 29633874 bytes large, we can see it getting truncated sometimes:
The OpenSSL version on the client (rclone) is unclear because it's a statically linked Go binary. (Not even sure if Go uses OpenSSL or if they use BoringSSL.)
OpenSSL on the server (pyftpdlib) is 1.1.1f-1ubuntu2.18.
I discovered a bug using rclone to sync some data over to a pyftpdlib-based application. Essentially, if TLS 1.3 is used, most uploads will randomly get truncated near the end.
For example, if we try uploading a file that is 29633874 bytes large, we can see it getting truncated sometimes:
The upload was truncated at 29224960 bytes (compared with original filesize of 29633874).
In the FTPS server with debug logging, we see:
The FTP handler gets a ECONNRESET for some reason instead of a proper TLS 1.3 shutdown.
If we re-run the test and disable TLS 1.3 in rclone using the
--ftp-disable-tls13
flag, the upload succeeds perfectly every time:Versions:
Root Cause Speculation
It's quite possible there's an underlying bug here in pyopenssl or even OpenSSL: https://github.com/openssl/openssl/issues/10880
There's a closed bug in proftpd that looks the same as my debug log above: https://github.com/proftpd/proftpd/issues/959 And their workaround is here: https://github.com/proftpd/proftpd/commit/6d6cde2d2cd90c727c4f86c0cd95f6721daa7087
Thanks!