michaellukashov / Far-NetBox

SFTP/SCP/FTP/FTPS/WebDAV/S3 client for Far Manager 3 (http://farmanager.com/)
https://forum.farmanager.com/viewtopic.php?t=6317
GNU General Public License v2.0
158 stars 52 forks

Connection drops over TLS when changing directory or attempting to work with files #282

Open gonkong opened 5 years ago

gonkong commented 5 years ago

Problem when connecting to pure-ftpd over tls1-1.2 (3). After connecting, it reads the list of folders and files; when switching to another folder or performing a file operation, the connection drops and reconnects.

FileZilla works fine.

```
. 2019-02-16 06:51:00.549 --------------------------------------------------------------------------
. 2019-02-16 06:51:00.549 NetBox Version 2.4.5 (Build 531) (OS 10.0.17134 - Windows 10 Home)
. 2019-02-16 06:51:00.550 Configuration: NetBox 3\
. 2019-02-16 06:51:00.551 Working directory: C:\FAR3\Plugins
. 2019-02-16 06:51:00.551 Process ID: 10120
. 2019-02-16 06:51:00.551 Time zone: Current: GMT (RTZ 2 (зима)), No DST
. 2019-02-16 06:51:00.551 --------------------------------------------------------------------------
. 2019-02-16 06:51:00.551 Transfer Protocol: FTP
. 2019-02-16 06:51:00.551 Code Page: 65001
. 2019-02-16 06:51:00.551 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2019-02-16 06:51:00.551 Disable Nagle: Yes
. 2019-02-16 06:51:00.551 Proxy: None
. 2019-02-16 06:51:00.551 Send buffer: 262144
. 2019-02-16 06:51:00.551 UTF: Off
. 2019-02-16 06:51:00.551 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2019-02-16 06:51:00.551 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2019-02-16 06:51:00.551 Session reuse: Yes
. 2019-02-16 06:51:00.551 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2019-02-16 06:51:00.551 Local directory: default, Remote directory: /public/image/catalog, Update: Yes, Cache: No
. 2019-02-16 06:51:00.551 Cache directory changes: No, Permanent: No
. 2019-02-16 06:51:00.551 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2019-02-16 06:51:00.551 Timezone offset: 0h 0m
. 2019-02-16 06:51:00.551 --------------------------------------------------------------------------
. 2019-02-16 06:51:00.553 Connecting to x.x.x.x ...
. 2019-02-16 06:51:00.553 TLS layer changed state from unconnected to connecting
. 2019-02-16 06:51:00.568 TLS layer changed state from connecting to connected
. 2019-02-16 06:51:00.568 Connected with x.x.x.x, negotiating TLS connection...
< 2019-02-16 06:51:00.582 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2019-02-16 06:51:00.583 220-You are user number 1 of 1000 allowed.
< 2019-02-16 06:51:00.639 220-Local time is now 06:51. Server port: 21.
< 2019-02-16 06:51:00.639 220-This is a private system - No anonymous login
< 2019-02-16 06:51:00.639 220-IPv6 connections are also welcome on this server.
< 2019-02-16 06:51:00.639 220 You will be disconnected after 15 minutes of inactivity.
2019-02-16 06:51:00.639 AUTH TLS
< 2019-02-16 06:51:00.639 234 AUTH TLS OK.
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS write client hello
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read server hello
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read server certificate
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read server key exchange
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read server done
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS write client key exchange
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS write change cipher spec
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS write finished
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS write finished
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read server session ticket
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read change cipher spec
. 2019-02-16 06:51:00.639 TLS connect: SSLv3/TLS read finished
. 2019-02-16 06:51:00.639 Verifying certificate for "Default Company Ltd" with fingerprint *** and 18 failures
. 2019-02-16 06:51:00.642 Certificate for "Default Company Ltd" matches cached fingerprint and failures
. 2019-02-16 06:51:00.642 Using TLSv1.2, cipher TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA, ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
. 2019-02-16 06:51:00.642 TLS connection established. Waiting for welcome message...
2019-02-16 06:51:00.642 USER xxxxx
< 2019-02-16 06:51:00.768 331 User xxxxx OK. Password required
2019-02-16 06:51:00.768 PASS *
< 2019-02-16 06:51:00.768 230 OK. Current directory is /
2019-02-16 06:51:00.768 SYST
< 2019-02-16 06:51:00.768 215 UNIX Type: L8
2019-02-16 06:51:00.768 FEAT
< 2019-02-16 06:51:00.768 211-Extensions supported:
< 2019-02-16 06:51:00.768 EPRT
< 2019-02-16 06:51:00.888 IDLE
< 2019-02-16 06:51:00.888 MDTM
< 2019-02-16 06:51:00.888 SIZE
< 2019-02-16 06:51:00.888 MFMT
< 2019-02-16 06:51:00.888 REST STREAM
< 2019-02-16 06:51:00.888 MLST type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
< 2019-02-16 06:51:00.888 MLSD
< 2019-02-16 06:51:00.888 AUTH TLS
< 2019-02-16 06:51:00.888 PBSZ
< 2019-02-16 06:51:00.888 PROT
< 2019-02-16 06:51:00.888 UTF8
< 2019-02-16 06:51:00.888 ESTA
< 2019-02-16 06:51:00.888 PASV
< 2019-02-16 06:51:00.888 EPSV
< 2019-02-16 06:51:00.888 SPSV
< 2019-02-16 06:51:00.888 ESTP
< 2019-02-16 06:51:00.888 211 End.
2019-02-16 06:51:00.888 OPTS UTF8 ON
< 2019-02-16 06:51:00.888 200 OK, UTF-8 enabled
2019-02-16 06:51:00.888 PBSZ 0
< 2019-02-16 06:51:00.888 200 PBSZ=0
2019-02-16 06:51:00.888 PROT P
< 2019-02-16 06:51:00.888 200 Data protection level set to "private"
. 2019-02-16 06:51:00.888 Connected
. 2019-02-16 06:51:00.888 Got reply 1 to the command 1
. 2019-02-16 06:51:00.888 --------------------------------------------------------------------------
. 2019-02-16 06:51:00.888 Using FTPS protocol.
. 2019-02-16 06:51:00.888 Doing startup conversation with host.
2019-02-16 06:51:00.888 PWD
< 2019-02-16 06:51:00.899 257 "/" is your current location
. 2019-02-16 06:51:00.899 Got reply 1 to the command 16
. 2019-02-16 06:51:00.899 Changing directory to "/public/image/catalog".
2019-02-16 06:51:00.899 CWD /public/image/catalog
< 2019-02-16 06:51:00.978 250 OK. Current directory is /public/image/catalog
. 2019-02-16 06:51:00.978 Got reply 1 to the command 16
. 2019-02-16 06:51:00.978 Getting current directory name.
2019-02-16 06:51:00.978 PWD
< 2019-02-16 06:51:00.989 257 "/public/image/catalog" is your current location
. 2019-02-16 06:51:00.989 Got reply 1 to the command 16
. 2019-02-16 06:51:00.999 Retrieving directory listing...
2019-02-16 06:51:00.999 TYPE A
< 2019-02-16 06:51:01.068 200 TYPE is now ASCII
2019-02-16 06:51:01.068 PASV
< 2019-02-16 06:51:01.068 227 Entering Passive Mode (188,225,58,163,156,17)
2019-02-16 06:51:01.068 MLSD
. 2019-02-16 06:51:01.068 Connecting to x.x.x.x:39953 ...
. 2019-02-16 06:51:01.068 Data connection opened
. 2019-02-16 06:51:01.068 Trying reuse main TLS session ID
. 2019-02-16 06:51:01.068 TLS layer changed state from none to connected
< 2019-02-16 06:51:01.068 150 Accepted data connection
. 2019-02-16 06:51:01.068 Main TLS session ID not reused, will not try again
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS write client hello
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read server hello
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read change cipher spec
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read finished
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS write change cipher spec
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS write finished
. 2019-02-16 06:51:01.068 Using TLSv1.2, cipher TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA, ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
. 2019-02-16 06:51:01.068 TLS connection established
. 2019-02-16 06:51:01.068 type=cdir;sizd=4096;modify=20190216032713;UNIX.mode=02775;UNIX.uid=1000;UNIX.gid=1000;unique=fd01gc11dc; .
. 2019-02-16 06:51:01.068 type=pdir;sizd=4096;modify=20190206174249;UNIX.mode=0755;UNIX.uid=1000;UNIX.gid=1000;unique=fd01ga1554; ..
. 2019-02-16 06:51:01.068 type=dir;sizd=4096;modify=20190215185820;UNIX.mode=0755;UNIX.uid=0;UNIX.gid=1000;unique=fd01gc14e5; a121
. 2019-02-16 06:51:01.068 type=dir;sizd=4096;modify=20190216032720;UNIX.mode=02750;UNIX.uid=1000;UNIX.gid=1000;unique=fd01ge26c8; a124
<file list>
< 2019-02-16 06:51:01.199 226-Options: -a -l
< 2019-02-16 06:51:01.199 226 13 matches total
. 2019-02-16 06:51:01.199 Directory listing successful
. 2019-02-16 06:51:01.199 Got reply 1 to the command 2
. 2019-02-16 06:51:01.199 ..;D;0;1899-12-30T34779:25:51.617Z;0;"" [0];"" [0];---------;0
. 2019-02-16 06:51:01.199 a121;D;0;2019-02-15T18:58:20.000Z;3;"0" [0];"1000" [0];rwxr-xr-x;0
. 2019-02-16 06:51:01.199 a124;D;0;2019-02-16T03:27:20.000Z;3;"1000" [0];"1000" [0];---------;0
<file list>
. 2019-02-16 06:51:01.199 Startup conversation with host finished.
. 2019-02-16 06:51:02.846 Changing directory to "a121".
2019-02-16 06:51:02.847 CWD a121
< 2019-02-16 06:51:02.858 250 OK. Current directory is /public/image/catalog/a121
. 2019-02-16 06:51:02.858 Got reply 1 to the command 16
. 2019-02-16 06:51:02.858 Getting current directory name.
2019-02-16 06:51:02.858 PWD
< 2019-02-16 06:51:02.868 257 "/public/image/catalog/a121" is your current location
. 2019-02-16 06:51:02.868 Got reply 1 to the command 16
. 2019-02-16 06:51:02.868 Retrieving directory listing...
2019-02-16 06:51:02.868 TYPE A
< 2019-02-16 06:51:02.949 200 TYPE is now ASCII
2019-02-16 06:51:02.949 PASV
< 2019-02-16 06:51:02.949 227 Entering Passive Mode (188,225,58,163,171,61)
2019-02-16 06:51:02.949 MLSD
. 2019-02-16 06:51:02.949 Connecting to x.x.x.x:43837 ...
. 2019-02-16 06:51:02.949 Data connection opened
. 2019-02-16 06:51:02.949 Main TLS session ID was not reused previously, not trying again
. 2019-02-16 06:51:02.949 TLS layer changed state from none to connected
< 2019-02-16 06:51:02.949 150 Accepted data connection
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write client hello
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server hello
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server certificate
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server key exchange
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server done
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write client key exchange
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write change cipher spec
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write finished
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write finished
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server session ticket
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read change cipher spec
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read finished
. 2019-02-16 06:51:02.949 Using TLSv1.2, cipher TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA, ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
. 2019-02-16 06:51:02.949 TLS connection established
. 2019-02-16 06:51:02.949 TLS layer changed state from connected to closed
. 2019-02-16 06:51:02.949 Data connection closed
. 2019-02-16 06:51:02.949
. 2019-02-16 06:51:02.949 TLS layer changed state from connected to closed
. 2019-02-16 06:51:02.949 Disconnected from server
. 2019-02-16 06:51:02.949 Could not retrieve directory listing
. 2019-02-16 06:51:02.949 Got reply 1004 to the command 2
. 2019-02-16 06:51:02.949 Connection was lost, asking what to do.
. 2019-02-16 06:51:02.949 Asking user:
. 2019-02-16 06:51:02.949 Lost connection. ("Using TLSv1.2, cipher TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256, 1024 bit RSA, ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
. 2019-02-16 06:51:02.949 ","Disconnected from server","Could not retrieve directory listing")
```
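
An added example, not part of the original issue or of NetBox's code: a small Python parser for a log in this format that reports, for each data connection, whether the TLS handshake was full or resumed and whether the listing completed. The function and constant names are assumptions, the embedded lines are a constructed excerpt, and "resumed" is inferred from the absence of a server certificate step.

```python
import re

# Constructed excerpt in the format of the log above: two passive data connections.
SAMPLE_LOG = """\
. 2019-02-16 06:51:01.068 Connecting to x.x.x.x:39953 ...
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS write client hello
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read server hello
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read change cipher spec
. 2019-02-16 06:51:01.068 TLS connect: SSLv3/TLS read finished
. 2019-02-16 06:51:01.199 Directory listing successful
. 2019-02-16 06:51:02.949 Connecting to x.x.x.x:43837 ...
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS write client hello
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server hello
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server certificate
. 2019-02-16 06:51:02.949 TLS connect: SSLv3/TLS read server session ticket
. 2019-02-16 06:51:02.949 Could not retrieve directory listing
"""

ENTRY = re.compile(r"^(?:[.<>!*] )?\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ ?(.*)$")
DATA_CONNECT = re.compile(r"^Connecting to \S+:(\d+) \.\.\.$")  # control line has no port
TLS_STEP = "TLS connect: SSLv3/TLS "
OUTCOMES = {"Directory listing successful": "listed",
            "Could not retrieve directory listing": "failed"}

def summarize_data_connections(log_text):
    """Return one dict per data connection: port, TLS handshake kind, listing outcome."""
    conns, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # wrapped message text or a placeholder the poster inserted
        msg = m.group(1).strip()
        opened = DATA_CONNECT.match(msg)
        if opened:
            current = {"port": int(opened.group(1)), "steps": [], "outcome": "unknown"}
            conns.append(current)
        elif current is None:
            continue  # control-connection traffic
        elif msg.startswith(TLS_STEP):
            current["steps"].append(msg[len(TLS_STEP):])
        elif msg in OUTCOMES:
            current["outcome"] = OUTCOMES[msg]
            current = None  # later TLS steps belong to another connection
    for c in conns:
        # A full handshake includes the server certificate; a resumed one omits it.
        steps = c.pop("steps")
        c["handshake"] = ("full" if "read server certificate" in steps
                          else "resumed" if steps else "none")
    return conns
```

Run over the log in this report, it marks the data connection on port 39953 as resumed with a successful listing, and the one on port 43837 as a full handshake whose listing failed.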

VictorVG commented 5 years ago

Go to the Connection tab (each server has its own settings) and try increasing the connection timeout to 120-130 seconds, which gives the client more time before it decides "Time to send bye, the server isn't answering anyway!". Also tick the "Send empty protocol commands" checkbox there; an interval of 30 seconds is usually enough, since they are sent while the user is waiting for an operation to finish.

The default of 15 seconds is far too short for working with remote servers; I should dig into the sources when I get the chance and fix this mess. :)

gonkong commented 5 years ago

Thanks for the reply. We'll try it now.

gonkong commented 5 years ago

Unfortunately, nothing changed.

VictorVG commented 5 years ago

If the server sits on a secure LAN, try plain FTP. My router runs the same daemon, and I turned TLS off right away: I could not connect to the server from OSF/1. I figured that the network is under my full control and disabled TLS. Everything works and the connection does not drop. Perhaps you should do the same...